Why Integrations are Important for Your SOAR Environment 

There are numerous integrations for your SOAR product on the market, but why are integrations important for your SOAR platform's environment?

Keeping your security stack up to date lets you fully leverage all of your tools’ capabilities. Integrations are crucial in your security environment for many reasons; most importantly, they allow security analysts and SOC teams to keep their enterprise’s infrastructure secure. SOAR products are most effective when select connectors are integrated, because security analysts usually already have a handful of tools that they use for handling alerts, incident management, and remediation. Above all, integrations let you better orchestrate, automate, and respond with your existing tools and teams in near real time.

For instance, related alerts from across your security tools can be automatically correlated into a single incident for investigation, triage, and remediation. CyberSponse’s SOAR platform has more integrations (280+) than any other SOAR product on the market! Go to the CyOPs™ Connector Repository for the current list of connectors to integrate.
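The correlation step described above, shown as an added example in plain Python. This is not CyOPs code and not from CyberSponse; the Alert and Incident structures, the indicator keys, and the four sample alerts are constructed assumptions. Alerts from different tools are linked whenever they share an indicator key/value pair (host, user, source IP, sender), and linked alerts are merged into one incident whose severity is the maximum of its members, so the SOC queue holds one triage-ordered record instead of several disconnected alerts.

```python
"""Toy alert correlation for a SOAR pipeline (added example, not CyOPs code)."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Alert:
    alert_id: str
    source_tool: str   # which security product raised it (assumed field)
    severity: int      # assumed scale: 1 (low) .. 4 (critical)
    indicators: dict   # e.g. {"host": "WS-042", "src_ip": "203.0.113.7"}


@dataclass
class Incident:
    incident_id: str
    alert_ids: list = field(default_factory=list)
    tools: set = field(default_factory=set)
    indicators: set = field(default_factory=set)
    severity: int = 0  # max severity of the member alerts

    def add(self, alert: Alert) -> None:
        self.alert_ids.append(alert.alert_id)
        self.tools.add(alert.source_tool)
        self.indicators.update(alert.indicators.items())
        self.severity = max(self.severity, alert.severity)


class _UnionFind:
    """Minimal disjoint-set so alerts sharing any indicator end up together."""

    def __init__(self) -> None:
        self.parent: dict = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b) -> None:
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def correlate(alerts: list[Alert]) -> list[Incident]:
    """Group alerts that share an indicator key/value pair into incidents."""
    uf = _UnionFind()
    first_alert_for: dict = {}  # (key, value) -> alert_id that first carried it
    for a in alerts:
        uf.find(a.alert_id)
        for kv in a.indicators.items():
            if kv in first_alert_for:
                uf.union(first_alert_for[kv], a.alert_id)
            else:
                first_alert_for[kv] = a.alert_id

    groups = defaultdict(list)
    for a in alerts:
        groups[uf.find(a.alert_id)].append(a)

    incidents = []
    for n, members in enumerate(groups.values(), start=1):
        inc = Incident(incident_id=f"INC-{n:04d}")
        for a in members:
            inc.add(a)
        incidents.append(inc)
    # Highest severity first so the analyst queue is already triage-ordered.
    incidents.sort(key=lambda i: (-i.severity, i.incident_id))
    return incidents


# Constructed sample input: three tools report on the same user/host chain,
# plus one unrelated firewall alert that must stay a separate incident.
SAMPLE_ALERTS = [
    Alert("A1", "email_gateway", 2, {"sender": "billing@example.net", "user": "jdoe"}),
    Alert("A2", "edr", 4, {"host": "WS-042", "user": "jdoe"}),
    Alert("A3", "siem", 3, {"host": "WS-042", "src_ip": "203.0.113.7"}),
    Alert("A4", "firewall", 1, {"src_ip": "198.51.100.9"}),
]


if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(inc.incident_id, "sev", inc.severity, "tools", sorted(inc.tools),
              "alerts", inc.alert_ids)
```

The transitive merge matters: the email-gateway alert and the SIEM alert share no indicator directly, but both touch the EDR alert (via user and via host), so all three land in one incident. Keying on exact (key, value) pairs rather than bare values avoids merging, say, a user named "admin" with a host named "admin".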

Latest CyberSponse Certified Connectors:

  1. Symantec Email Security.cloud v2.0.1
  2. McAfee ESM v2.5.0
  3. Foresight v1.0.1
  4. Cisco SMA v1.0.0 – *
  5. Cloudera EDH v1.0.0 – *

For more information on our SOAR product, go to our homepage.

*Connectors Not Certified by CyberSponse  

Symantec Email Security.cloud v2.0.1

Symantec Email Security.cloud stops email threats such as targeted spear-phishing by blocking sender IPs, domains, URLs, and email addresses. Once integrated into your SOAR product, this connector facilitates automated interactions with the Symantec Email Security.cloud server using CyOPs™ playbooks. Add the Symantec Email Security.cloud connector as a step in CyOPs™ playbooks to perform automated operations, for instance blacklisting email addresses, domains, URLs, IP addresses, and specific IOCs, or downloading IOCs from Symantec Email Security.cloud.

The latest update of this connector adds the following new action.
  • Renew All Blacklist IOC: renews all IOCs for a specific domain or for all domains. To renew the IOCs of a specific domain, specify the domain name; to renew the IOCs for all domains, specify “global”.

Learn More About Symantec Email Security.cloud

McAfee ESM v2.5.0

McAfee Enterprise Security Manager (ESM) is a security information and event management (SIEM) solution that delivers actionable intelligence and integrations to prioritize, investigate, and respond to known threats. This connector facilitates automated interactions with a McAfee ESM server using CyOPs™ playbooks. Add the McAfee ESM connector as a step in CyOPs™ playbooks to perform automated operations, for example creating or editing a case in McAfee ESM based on an alarm, or retrieving details of a specific case from McAfee ESM.

The latest update of this connector adds the following enhancements.
  • The McAfee ESM > Fetch data ingestion playbook now supports setting the timezone while fetching data from McAfee ESM using the CyOPs™ Data Ingestion Wizard. For information about data ingestion, see the “Data Ingestion” chapter in the CyOPs™ product documentation.
  • Timezones were added as input parameters: choose “Custom” in the “Time Range” field of the “Get Alarms” operation.

Learn More About McAfee ESM v2.5.0

Foresight v1.0.1

Foresight is a real-time analytics platform that leverages and correlates data from multiple sources, enabling the discovery of valuable insights about the end-to-end network. This connector facilitates automated interactions with the Foresight server and API using CyOPs™ playbooks. Add the Foresight connector as a step in CyOPs™ playbooks to perform automated operations, for example creating or updating a ticket in Foresight, or searching for tickets in Foresight.

The following enhancements have been made to the Foresight connector in version 1.0.1.
  • New operations and playbooks: Cancel Ticket, Close Ticket, Re-Assign Ticket, and Add Comment.
  • A new configuration parameter, “Auth Token”, which is used to connect to the Foresight server.
  • Updated input parameters for the Update Ticket operation.

Learn More About Foresight v1.0.1

Cisco SMA v1.0.0*

The Cisco Content Security Management Appliance (SMA) centralizes management and reporting functions across multiple Cisco email and web security appliances. It simplifies administration and planning, improves compliance monitoring, helps to enable consistent enforcement of policies, and enhances threat protection. This connector facilitates automated interactions with a Cisco SMA server using CyOPs™ playbooks. Add the Cisco SMA connector as a step in CyOPs™ playbooks to perform automated operations, for example automatically tracking emails in Cisco SMA, retrieving message details from Cisco SMA, or releasing specific emails from quarantine in Cisco SMA.

The connector supports the following automated actions, which can be included in playbooks.
  • Track Emails: Track emails on Cisco SMA based on the search option, the start and end time of the emails, and other input parameters that you have specified.
  • Get Message Details: Retrieve details of a specific message from Cisco SMA based on the start and end time of the message, ICID, message ID, and other input parameters that you have specified.
  • Fetch Emails From SPAM Quarantine: Fetch emails from the SPAM quarantine in Cisco SMA based on the start and end time of the emails and other input parameters that you have specified.
  • Fetch Emails From Other Quarantine: Fetch emails from a specific quarantine in Cisco SMA based on the quarantine name, quarantine type, the start and end time of the emails, and additional input parameters that you have specified.
  • Release Emails From Quarantine: Release specific emails from quarantine in Cisco SMA based on the quarantine name, quarantine type, and message IDs you have specified.
  • Delete Message: Delete specific emails from Cisco SMA based on the quarantine name, quarantine type, and message IDs you have specified.

Learn More About Cisco SMA v1.0.0*

Cloudera EDH v1.0.0*

Cloudera provides a scalable, flexible, integrated platform that makes it easy to manage rapidly increasing volumes and varieties of data in your enterprise. This connector facilitates automated interactions with a Cloudera EDH server using CyOPs™ playbooks. Add the Cloudera EDH connector as a step in CyOPs™ playbooks to perform automated operations, for example running a query on the Cloudera EDH database to fetch data, or retrieving a list of table names from the Cloudera EDH database.

The connector supports the following automated operations, which can be included in playbooks.
  • Execute Select Query: Execute a SELECT query on the connected Cloudera EDH database.
  • Run Query: Execute a query on the connected Cloudera EDH database.
  • Get Table List: Retrieve a list of all table names from the connected Cloudera EDH database.
  • Get Columns: Retrieve the list of columns for a specific table from the connected Cloudera EDH database based on the table name you have specified.

Learn More About Cloudera EDH v1.0.0*
