Search
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Endace Integrates with Palo Alto Networks Cortex XSOAR to Deliver Forensics for Accelerated Response to Cyberthreats

June 2020 by Marc Jacob

Endace announced that the EndaceProbe Analytics Platform, is now integrated with Palo Alto Networks Cortex XSOAR (previously Demisto), the industry’s first extended security, orchestration, automation and response platform with native threat intel management that empowers security leaders with instant capabilities against threats across their entire enterprise. Through this integration, Endace and Cortex XSOAR provide customers with network packet capture from within Cortex XSOAR playbooks to enable accelerated, evidence-led, forensic investigation of cyberthreats.

The integration leverages Endace’s rapid-search and data-mining APIs to integrate network history into Cortex XSOAR. Using Cortex XSOAR’s powerful automation capabilities, the full packet history relating to specific security incidents is automatically retrieved from one or more EndaceProbes and provided back to analysts as definitive forensic evidence.

Analysts can leverage Cortex XSOAR’s integration with Endace’s InvestigationManager™ and EndaceVision™ for detailed packet level investigations across global EndaceProbe estates. This lets them pivot from an investigation in Cortex XSOAR directly to the global packet history related to that incident to extend their investigation and drill down to investigate associated network activity such as lateral movement, data exfiltration or command-and-control (C2) traffic.

Cortex XSOAR is an extended security orchestration, automation and response platform that unifies case management, automation, real-time collaboration and threat intel management to transform every stage of the incident lifecycle. Teams can manage alerts across all sources, standardize processes with playbooks, take action on threat intel and automate response for any security use case - resulting in significantly faster responses that require less manual review.

The EndaceProbe Analytics Platform combines 100% accurate, network-wide packet capture with the ability to host and integrate with a wide range of commercial and open source network security and performance solutions to deliver definitive evidence for troubleshooting network and application performance issues and responding to cyberthreats.




See previous articles

    

See next articles