Security Orchestration, Automation and Response (SOAR) tooling is intended to increase efficiency and consistency. These tools also promise to diminish the cost of operating a Security Operations Center (SOC) for most organizations. If used properly, these tools can do all of these things. The challenge is that the tools are frequently bought to avoid the one thing that most organizations don't seem to be able to do on their own: figure out the sequence of actions that need to be automated, and bring together the mass of data from disparate tools. This inaugural SANS Automation & Integration Vendor Briefing will provide practical and actionable examples of the sequence of steps that an organization needs to take to utilize these tools. It will also provide customer examples of what has and has not worked for organizations.