Cortex XSOAR helps automate and accelerate incident response across your cloud environment.
Cortex XSOAR is a Security Orchestration, Automation, and Response (SOAR) platform that helps you coordinate and accelerate incident response across your cloud environment. We integrate with a host of Azure services and hundreds of security/IT products to help you automate and standardize incident response for more efficient security operations.
Cortex XSOAR & Azure integrations:
Azure Compute, Azure Feed, Azure Security Center. Other Microsoft integrations include: Microsoft Active Directory, Exchange Web Services, Microsoft Graph Calendar, Microsoft Graph Groups, Microsoft Graph Mail, Microsoft Graph Security, Microsoft Server, Microsoft Defender Advanced Threat Protection.
Automate Enrichment and Response:
Too many alerts and manual tasks? Our task-based playbooks can help you automate tasks within your incident workflow, such as distributing alerts to stakeholders, enriching IOC/user/asset data, and updating whitelists/blacklists with intel from threat feeds, or automate the end-to-end response for specific use cases such as cryptocurrency mining or phishing attacks.
Schedule Operational Tasks:
Our playbooks can also be scheduled to run health/maintenance checks of your cloud environment. For example, you could monitor and automatically shut down rogue VPC spin-ups and send notifications to asset owners.
Combine Cloud and On-Premise Incident Response:
Our orchestration platform executes workflows that coordinate across multi-cloud and on-premise security environments. For example, when an alert comes in, a Cortex XSOAR playbook can automatically extract IOCs, perform reputation checks, and push any malicious IOCs to blacklists across both cloud and on-prem firewalls.
Investigate in real time:
After running automated playbooks, your analysts can gain new actionable information about the attack by running Azure services commands in the Cortex XSOAR War Room, reducing the need for console switching. All actions are auto-documented for easy reporting and analysis.