Automated Triage, Investigate, Remediate, Hunt
Triage and Prioritize Alerts
SOC Teams need to be smart when dealing with alerts pouring every minute. Uncovering potential compromises and threat candidates early while filtering out the false positives is critical to keeping your network secure. Here’s how CyOPs comes to your aid:
- Connects to threat intel providers to enrich indicators and alerts
- Auto enrichment reporting helps filter out the true-positive threat candidates early
- High severity queues automatically create notifications to team members
- Alert escalation provides Incident & auto task assignment workflows
Investigate Incidents
As important alerts are cornered by the auto-triaging and playbooks, the baton is passed on to the investigation workflows for remediation and response. These take of the following:
- Are the malicious indicators found elsewhere in the network? Search SIEM logs
- Were bad email links clicked on by any network users? Search Email Gateway Logs
- Search Endpoints to find copies and traces of the identified malicious hash and IP
- Obtain more relevant data from threat intelligence reports specific to the IOCs
- Correlate alert and incident data for threat hunting and exploration
