Demisto and Cortex XDR: Automated Data Visibility, Detection, and Response

Security teams face a massive number of security alerts every day as attackers rely on brute force, automation, and varied attack vectors to compromise target systems. It is virtually impossible for humans to scan through these alerts manually, resulting in overworked teams, increased error rates, and dangerous alerts slipping through the cracks.

Teams also struggle with disjointed data and processes during investigation and response. This challenge is caused by siloed data and products that, while valuable in an isolated sense, rarely interconnect to form a bigger attack picture. Security analysts must collect context manually, resulting in screen-switching, duplication of work, and repetitive processes.

Demisto integrates with Cortex XDR to provide teams with a continuous security platform, enabling them to unify data across sources, prevent and detect attacks, accelerate investigations, and automate repeatable tasks to reduce response times.

The integration features include

  • Ingest Cortex XDR incidents within Demisto for playbook-driven enrichment and response.
  • Update incident information in Cortex XDR based off insight gathered from playbooks and investigation within Demisto.
  • Get custom cross-sections of Cortex XDR incident information (such as related alerts, file artifacts, network artifacts) within Demisto, either as automated playbook tasks or in real-time within the War Room.
  • Leverage hundreds of Demisto third-party product integrations to execute response processes for Cortex XDR incidents that span across security products and functions.
  • Run thousands of commands across third-party products interactively via a ChatOps interface while collaborating with other analysts and Demisto’s chatbot.

Read more about use cases such as

  • Automated Incident Ingestion, Enrichment and Response
  • Real-Time Investigation for Complex Threats
  • Proactive Security for Continuous Improvement

in the Demisto Blog entry here.

Please contact your local Exclusive Networks Account Manager for more information about Demisto and its integration with Cortex XDR.