Cortex XSOAR Tips & Tricks – Creating indicator relationships in integrations

This entry is part 9 of 9 in the series Cortex XSOAR Tips & Tricks

Introduction When a Threat Intelligence Management (TIM) license is present in your Cortex XSOAR environment, the feature to create relationships between indicators is available. This allows you to describe how indicators relate to each other and use this relationship in your automated analysis of a security incident. In the previous blog post in this series, …

Cortex XSOAR Tips & Tricks – Creating indicator relationships in automations

This entry is part 8 of 9 in the series Cortex XSOAR Tips & Tricks

Introduction In Cortex XSOAR, indicators are a key part of the platform as they visualize the Indicators Of Compromise (IOC) of a security alert in the incident to the SOC analyst and can be used in automated analysis workflows to determine the incident outcome. If you have a Cortex XSOAR Threat Intelligence Management (TIM) license, …

Cortex XSOAR Tips & Tricks – Discovering undocumented API endpoints

This entry is part 7 of 9 in the series Cortex XSOAR Tips & Tricks

Introduction When you use the Cortex XSOAR API in your automations, playbooks or custom scripts, the first place you will start is the API documentation to see which API endpoints are available. But what if you cannot find an API endpoint for the task you want to automate in the documentation? In this blog post …

Cortex XSOAR Tips & Tricks – Exploring the API using Swagger Editor

This entry is part 5 of 9 in the series Cortex XSOAR Tips & Tricks

Introduction When using the Cortex XSOAR API in your automations, playbooks or custom scripts, knowing which API endpoints are available and how to use them is key. In a previous blog post in this series, we showed you where you could find the API documentation in Cortex XSOAR. The documentation was available on the server …

Cortex XSOAR Tips & Tricks – Execute Commands Using The API

This entry is part 6 of 9 in the series Cortex XSOAR Tips & Tricks

Introduction Every automated task in Cortex XSOAR relies on executing commands from integrations or automations either in a playbook or directly in the incident war room or playground. But what if you wanted to incorporate a command or automation from Cortex XSOAR into your own custom scripts? For that you can use the API. In …

Cortex XSOAR Tips & Tricks – Using The API In Automations

This entry is part 4 of 9 in the series Cortex XSOAR Tips & Tricks

Introduction When developing automations in Cortex XSOAR, you can use the Script Helper in the built-in Cortex XSOAR IDE to view all the scripts and commands available for automating tasks. When there is no script or command available for the specific task you want to automate, you can use the Cortex XSOAR API to automate …

Cortex XSOAR Tips & Tricks – Tagging War Room Entries

This entry is part 3 of 9 in the series Cortex XSOAR Tips & Tricks

Introduction The war room in Cortex XSOAR incidents allows a SOC analyst to do additional investigations by using any command available as an automation or integration command. It also contains the output of all tasks used in playbooks (if not in Quiet mode). In this blog post we will show you how to format output of …

DeTT&CT: Mapping detection to MITRE ATT&CK

Introduction Building detection is a complex task, especially with a constantly increasing number of data sources. Keeping track of these data sources and their appropriate detection rules, or avoiding duplicate detection rules covering the same techniques, can make life hard for detection engineers. For a SOC, it is crucial to have a good overview …