Consultants from Defensys’s Center of expertise, along with our partners, are ready to map our customers’ current correlation rules in SIEMs and other security tools to MITRE tags, so that an incident registered in SOAR already contains all the needed data.
“It’s been almost a year and a half since we started this practice with one of our Telecom customers. At the moment we’ve got all SOAR implementation projects where this mapping exists. This way you can ease the process of incident classification, adopt proper playbooks, draw metrics with statistics. And of course you can speak the same language with the community when it comes to discussing some interesting or critical cases,” says Andrey Chechetkin, Deputy CEO of Defensys.
We’d like to remind you that after the implementation of the Defensys SOAR, a customer is able to see the following in the incident card:
- a lot of preinstalled fields that will be filled automatically as the result of different integrations;
- fields customised to the customer’s needs;
- relations with assets: both technical and business assets;
- visually represented playbooks;
- data enriched from either the customer’s systems (e.g. TIP, CMDB, VM scanner, AV tools, SIEM, etc.) or from external sources (e.g. reputation databases);
- results of connectors and scripts execution.
This data appears automatically in the card, where analysts decide how to continue the response process. And of course the Defensys SOAR can work directly with other products of our ecosystem.
Please feel free to contact us with your questions and demo requests.