With our Managed Detection and Response (MDR) service, NVISO provides a managed Security Operations Center (SOC) for a large variety of clients across different industries. Since the beginning of this service, we have followed an "automate first" principle: we automate as much of the repetitive work of the SOC analysts as possible, so that they can focus on actionable security alerts and detect attackers in our customers' environments faster.
To achieve this goal, NVISO has implemented Palo Alto Cortex XSOAR as its SOAR platform of choice and branded it as the NITRO platform. Cortex XSOAR is the market leader in security automation platforms and the most capable platform currently available. In addition to the automated workflows created for its managed SOC, NVISO has developed a range of NITRO services on top of Cortex XSOAR, such as adversary emulation, vulnerability management and SIEM use case management.
While developing these solutions on Cortex XSOAR, our R&D and SOAR engineering teams have gained a lot of expertise on the platform, which we want to share with you in this blog post series. In each post, we will discuss one technical topic in detail, together with code snippets, example playbooks or automations you can use in your own Cortex XSOAR environment.
All content will be available in our NVISO Github:
All future posts will be added to the following series: https://blog.nviso.eu/series/Cortex-XSOAR-Tips-Tricks/
About the author
Wouter is an expert in the SOAR engineering team in the NVISO SOC. As the SOAR engineering team lead, he is responsible for the development and deployment of automated workflows in Palo Alto Cortex XSOAR which enable the NVISO SOC analysts to detect attackers in customers' environments faster. With his experience in cloud and DevOps, he has enabled the SOAR engineering team to automate the development lifecycle and increase the operational stability of the SOAR platform.
You can contact Wouter via his LinkedIn page.
Want to learn more about SOAR? Sign up here and we will inform you about new content and invite you to our SOAR For Fun and Profit webcast.