Endace Integrates with Palo Alto Networks Cortex XSOAR to Deliver Forensics for Accelerated Response to Cyberthreats
June 2020 by Marc Jacob
Endace announced that the EndaceProbe Analytics Platform is now integrated with Palo Alto Networks Cortex XSOAR (previously Demisto), the industry’s first extended security, orchestration, automation and response platform with native threat intel management that empowers security leaders with instant capabilities against threats across their entire enterprise. Through this integration, Endace and Cortex XSOAR provide customers with network packet capture from within Cortex XSOAR playbooks to enable accelerated, evidence-led, forensic investigation of cyberthreats.
The integration leverages Endace’s rapid-search and data-mining APIs to integrate network history into Cortex XSOAR. Using Cortex XSOAR’s powerful automation capabilities, the full packet history relating to specific security incidents is automatically retrieved from one or more EndaceProbes and provided back to analysts as definitive forensic evidence.
Analysts can leverage Cortex XSOAR’s integration with Endace’s InvestigationManager™ and EndaceVision™ for detailed packet level investigations across global EndaceProbe estates. This lets them pivot from an investigation in Cortex XSOAR directly to the global packet history related to that incident to extend their investigation and drill down to investigate associated network activity such as lateral movement, data exfiltration or command-and-control (C2) traffic.
Cortex XSOAR is an extended security orchestration, automation and response platform that unifies case management, automation, real-time collaboration and threat intel management to transform every stage of the incident lifecycle. Teams can manage alerts across all sources, standardize processes with playbooks, take action on threat intel and automate response for any security use case, resulting in significantly faster responses that require less manual review.
The EndaceProbe Analytics Platform combines 100% accurate, network-wide packet capture with the ability to host and integrate with a wide range of commercial and open source network security and performance solutions to deliver definitive evidence for troubleshooting network and application performance issues and responding to cyberthreats.