Cortex XSOAR Tips & Tricks

Introduction

With our Managed Detect and Respond (MDR) service, NVISO provides a managed Security Operations Center (SOC) for a large variety of clients across different industries. Since the beginning of this service, we have followed an "automate first" principle: we try to automate as many of the repetitive tasks of the SOC analysts as possible, so that they can focus on actionable security alerts and detect attackers faster in our customers' environments.

To achieve this goal, NVISO has implemented Palo Alto Cortex XSOAR as its SOAR platform of choice and branded it as the NITRO platform. Cortex XSOAR is the market leader in security automation platforms and the most capable platform currently available. In addition to the automated workflows created for its managed SOC, NVISO has developed a range of NITRO services on top of Cortex XSOAR, such as adversary emulation, vulnerability management and SIEM use case management.

While developing these solutions on Cortex XSOAR, our R&D and SOAR engineering teams have gained a lot of expertise on the platform, which we want to share with you in this blog post series. In each post, we will discuss one technical topic in detail, together with code snippets, example playbooks or automations that you can use in your own Cortex XSOAR environment.

All content will be available in our NVISO GitHub:

https://github.com/NVISOsecurity/blogposts/tree/master/CortexXSOAR

All future posts will be added to the following series: https://blog.nviso.eu/series/Cortex-XSOAR-Tips-Tricks/

About the author

Wouter is an expert in the SOAR engineering team in the NVISO SOC. As the lead engineer and development process lead, he is responsible for the design, development and deployment of the automated analysis workflows created by the SOAR engineering team, which enable the NVISO SOC analysts to detect attackers faster in customers' environments. With his experience in cloud and DevOps, he has enabled the SOAR engineering team to automate the development lifecycle and increase the operational stability of the SOAR platform.

You can reach Wouter via his LinkedIn page.


Want to learn more about SOAR? Sign up here and we will inform you about new content and invite you to our SOAR For Fun and Profit webcast.
https://forms.office.com/r/dpuep3PL5W
