Cortex™ XSOAR

Integration

Devo + Cortex™ XSOAR Details

Users can now leverage Cortex™ XSOAR’s (formerly Demisto) security orchestration and automation capabilities with Devo’s real-time, context-rich data insights for efficient incident response.

Integration Features:

  • Hunt and investigate IOCs in Devo and leverage Cortex™ XSOAR playbooks to automate and manage analyst response.
  • Enrich all your security data and detect real-time threats with Devo and trigger automated workflows and response with Cortex™ XSOAR.
  • Leverage hundreds of Cortex™ XSOAR third-party product integrations to coordinate response across security functions based on insights from Devo.
  • Run hundreds of commands (including Devo commands) interactively via a ChatOps interface while collaborating with other analysts and Cortex™ XSOAR’s chatbot.

Devo + Cortex™ XSOAR Integration Use Cases

Use Case #1: Automated Incident Enrichment And Response

Challenge: If SOCs use different solutions for security analytics and incident response, it can be tough to track the lifecycle of an incident due to fragmented information and lack of central documentation. Instead, analysts are stuck completing low-level tasks and manually building the workflow rather than quickly resolving an incident.

Solution: SOCs can use Devo for high-volume, high-velocity data correlation, enrichment and visualization, and Cortex™ XSOAR Enterprise for security task orchestration and automation to trigger playbooks at incident creation. These playbooks will orchestrate response actions across the entire stack of products for a single seamless workflow. For example, analysts can create tickets, quarantine endpoints, retrieve PCAPs and send emails as automated playbook tasks.

Benefit: Devo’s context-rich, real-time security data analytics coupled with Cortex™ XSOAR playbooks speed incident triage and resolution. The seamless workflow enables analysts to gain a comprehensive view of the incident’s lifecycle, access all documentation in a single platform and speed investigative and response actions through automated insight.

Use Case #2: Interactive, Real-time Forensics Of Complex Threats

Challenge: While automated playbooks can reduce analyst workloads, a forensic investigation usually requires additional tasks, such as pivoting across multiple data views to gather critical evidence, drawing relationships between different incidents and defining remediation steps. Analysts need full access to all of their security data, with context, to enable them to make accurate and rapid decisions.

Solution: After running playbooks, analysts can gain greater visibility and new, actionable insights into the attack by running Devo commands in the Cortex™ XSOAR War Room to draw on all security data, context and threat intelligence. The War Room documents all analyst actions and, over time, suggests the most effective analysts and command sets.

Benefit: The War Room allows analysts to quickly pivot on all security data in Devo and run the commands relevant to incidents in their network from a single window. All participating analysts have full task-level visibility into the process and can run and document commands from the same window. Auto-documentation of all automation and analyst actions allows reports to be generated quickly for executive review or post-investigation debriefs.

Devo + Cortex XSOAR Demo


About Cortex™ XSOAR

Cortex™ XSOAR is a single platform that orchestrates actions across your entire security product stack for faster and more scalable incident response. You can streamline processes, connect disparate tools and automate manual, repetitive tasks that don’t require human intervention. SecOps teams have used Cortex XSOAR to automate up to 95% of all response actions, enabling their analysts to focus on the critical incidents that require their attention.

Need more information?

See how Devo and Cortex XSOAR can help you speed investigation and response times.