HITB LAB: Bring Your Own SOAR: Automated Incident Response


August 24, 2023





Incident response involves processes beyond investigations like alert management, tuning detections, communication, tracking incident-related metrics, handoffs, etc, that can be tedious, repetitive, and time consuming, especially considering our all-remote environment at GitLab. For that purpose, our incident response team has developed a set of (mostly) Slack-based tools to standardize the process for incident response management and therefore reducing technical, as well as administrative overhead during incidents, through automation (and even gamification!)

These tools leverage platforms like GitLab, Slack, our SIEM, PagerDuty, and Google Workspace to optimize the workflow of our busy incident response team. Our tools are operated within Slack and connect to our critical cloud-based systems for incident response, as well as our automation platform, Tines. With these tools integrated within our incident response processes, we’ve automated alert deployment through our detection as code CI/CD pipeline, incident severity and priority scoring, team handoffs, incident life trackers that follow compliance guidelines, labeling and metrics generation, and we’ve significantly reduced investigation time by e.g. automating operational communication feeds.

In this workshop, we share this solution and processes developed in-house and demonstrate how we as global incident response teams can best build our own SOAR solutions that fit our requirements and see firsthand how much our efficiency has increased. A portion of our own automation designs and scripts will be opensourced at the conference.


GitLab Security Incident Response Team

As a manager of the GitLab Security Incident Response Team, VM’s work consists of putting out cyber fires with her team, automating all the things and making pretty visuals. She is also the founder of WICCA, the Netherlands-based community of women in cybersecurity. Besides computers, VM likes Star Wars, dinosaurs, deathcore, poetry and useless things like stickers and D&D. If you don’t find her at the Lego store, she’s probably on top of a mountain.

Staff Security Engineer


With a decade of experience in the Information Security field, I am a seasoned Security Engineer. My expertise encompasses Detection and Response Engineering, Web Application Security, DDoS Mitigation, Incident Response, Intrusion Analysis, and Network Security Monitoring. Driven by my passion for the field, I continuously seek to expand my knowledge by learning new technologies. In my free time, I enjoy reading non-fiction books and exploring remote locations worldwide.