Abstract: With the continuous development of meteorological services and operations,the architecture of meteorological networks is becoming more and more complex,and the threats to network security are also more diverse. At present,there are some problems in the provincial meteorological network security protection,such as low linkage of security devices,lack of automation,and difficulty in regularizing the experience of event disposal,etc. Therefore,it is necessary to explore the efficient,fast and reusable network protection methods from the actual needs of business. The network security automated operation and management platform based on security orchestration,automation and response （SOAR） technology can realize the linkage of various security devices,extract information such as alarms and security threats. All these can be automated according to preset scenario scripts and sent to operation and maintenance personnel for interaction in the form of work orders,ultimately forming a complete set of closed-loop management mechanisms. This platform can effectively improve the linkage capability between protection devices of provincial meteorological departments and accelerate the speed of incident response and disposal.

Key words: meteorological network security, safety automation operation, security orchestration, automated disposal