For Security Operations (SECOPS)
Automate Detection and Response Actions
- Design playbooks with multitude of connectors that enable integrations with services such VirusTotal;
- Execute playbooks against threats alerted by SIEM products such as Splunk, Elastic;
- Workflow-driven case management system respond to threats in a collaborative manner;
- Data enrichment automation by collecting data from SIEM logs and mapping them to case fields;
- Hook to any system's or application's events to initiate a workflow.
Convert repetitive and tedious security tasks into customized workflows that are executed automatically, scheduled, or event-driven; Examples:
- Routinely check for system's updates that are critical to be installed;
- During identity JML process, initiate a workflow that hooks to HR systems and disables all relevant software or system accounts related to the resource;
- Hook to observability tools such as Elastic, Prometheus, AppDynamics, Datadog, to execute a local workflow that is managed centrally.
For Managed service providers (MSSP
The Cyberorxestra platform is ideal for MSSPs because it provides an end-to-end security automation solution that can be managed centrally but executed locally on each client network where there is a zero-trust protocol.
- Same benefits and advantages as for SECOPs;
- Manage playbooks centrally in a public ecosystem such as Azure or Amazon cloud while executing playbooks in the clients' private local systems;
- Integrate the with a client's local SIEM system that can request the cloud centralized SOAR platform for a playbook based on a threat, and have it executed on the local network;
- Schedule and execute any form security workflow that goes beyond SIEM/SOAR responsibility to meet a clients' needs on local networks;
- Hook to any system's or application's events to initiate a workflow.
Integration with Elastic SIEM, end-to-end security solution
Elastic SIEM ensures security information including logs and events are orchestrated and captured and made available in central location to the SOC. The next step usually consumes countless of hours of investigation with manual tasks and could impact productivity and mean time to respond (MTTR). CyberOrxestra's automation and incident management platform, integrated with Elastic SIEM, accelerates investigation and response by automating data enrichment, response actions and threat mitigation. Visually create rules and conditions to query Elastic SIEM and automate security playbooks when conditions are met; Create incident tickets when required and manage its resolution cycle through the custom business process management platform. Integrate with Microsoft Sharepoint and Teams for collaboration across multiple units and teams.
Easily onboard diverse data into Elastic SIEM from endpoints, host and network sources, cloud applications and more. Harmonize visualization through Kibana, prevent switching screens to collate information from disparate sources. View list of integrations here: https://www.elastic.co/integrations?solution=security
Powered by Cyberorxestra's Workflow Platform
The out-of-the-box incident response tool offers all the functionality you need to create, track and resolve security incidents.
- Add rules, assignments, conditions, switches, states, transitions, loops and actions;
- Create clients, users, groups and business units;
- Create incident categories and types;
- Harmonize tagging for post-incident reporting;
- Prioritize incidents for quick action;
- Enable reconstructed timelines of actions taken, and support post-incident reviews;
- Create metrics and dashboards for reporting;
- Integrate to existing monitoring systems (AV, SIEM, ElasticSearch).