Freely subscribe to our NEWSLETTER

The integration leverages Endace’s rapid-search and data-mining APIs to integrate network history into Cortex XSOAR. Using Cortex XSOAR’s powerful automation capabilities, the full packet history relating to specific security incidents is automatically retrieved from one or more EndaceProbes and provided back to analysts as definitive forensic evidence.

Analysts can leverage Cortex XSOAR’s integration with Endace’s InvestigationManager™ and EndaceVision™ for detailed packet level investigations across global EndaceProbe estates. This lets them pivot from an investigation in Cortex XSOAR directly to the global packet history related to that incident to extend their investigation and drill down to investigate associated network activity such as lateral movement, data exfiltration or command-and-control (C2) traffic.

Cortex XSOAR is an extended security orchestration, automation and response platform that unifies case management, automation, real-time collaboration and threat intel management to transform every stage of the incident lifecycle. Teams can manage alerts across all sources, standardize processes with playbooks, take action on threat intel and automate response for any security use case - resulting in significantly faster responses that require less manual review.

The EndaceProbe Analytics Platform combines 100% accurate, network-wide packet capture with the ability to host and integrate with a wide range of commercial and open source network security and performance solutions to deliver definitive evidence for troubleshooting network and application performance issues and responding to cyberthreats.