The rapid development of digital technology increases the complexity of cyber threats, which are now increasingly sophisticated and organised, targeting individuals, enterprises and critical infrastructure. An information security system capable of automatically detecting and responding to threats is therefore an urgent need. This research examines the implementation of Extended Detection and Response (XDR) in the Security Operation Centre (SOC) and Computer Security Incident Response Team (CSIRT) to improve the effectiveness of information security systems. The method is experimental, with testing in a controlled environment using Wazuh as the XDR platform. The study analyses how XDR collects, analyses and responds to log data in real time to detect threats more accurately. The results show that XDR is able to improve threat detection by integrating logs from multiple sources, including endpoints, networks, and cloud services, and by automating incident mitigation for faster response. The integration of Machine Learning in XDR is also proven to improve attack detection accuracy, reduce false positives, and speed up incident analysis. In conclusion, XDR is a comprehensive solution for modern information security systems, especially in the context of SOC and CSIRT, with its capabilities in detection-based analytics, multi-source data correlation, and automated response to threats. Based on this test, the efficiency of XDR in detecting and mitigating malware attacks is 98.3%, using up to 60 malware samples, with a response time under 10 seconds. The implementation of XDR is therefore recommended for organisations looking to enhance their security systems in a more adaptive and proactive manner in the face of evolving cyber threats.