Introduction When developing automations in Cortex XSOAR, you can use the Script Helper in the built-in Cortex XSOAR IDE to view all the scripts and commands available for automating tasks. When there is no script or command available for the specific task you want to automate, you can use the Cortex XSOAR API to automate … Continue reading Cortex XSOAR Tips & Tricks – Using The API In Automations
Category: SOC
NVISO achieves Palo Alto Networks Cortex eXtended Managed Detection and Response (XMDR) Specialization
Managed Security Services provider NVISO, today announced it has become a Palo Alto Networks Cortex® XMDR Specialization partner.
Cortex XSOAR Tips & Tricks – Tagging War Room Entries
Introduction The war room in Cortex XSOAR incidents allows a SOC analyst to do additional investigations by using any command available as an automation or integration command. It also contains the output of all tasks used in playbooks (if not in Quiet mode). In this blogpost we will show you how to format output of … Continue reading Cortex XSOAR Tips & Tricks – Tagging War Room Entries
DeTT&CT : Mapping detection to MITRE ATT&CK
Introduction Building detection is a complex task, especially with a constantly increasing amount of data sources. Keeping track of these data sources and their appropriate detection rules or avoiding duplicate detection rules covering the same techniques can give a hard time to detection engineers. For a SOC, it is crucial to have an good overview … Continue reading DeTT&CT : Mapping detection to MITRE ATT&CK
Cortex XSOAR Tips & Tricks – Execute Command Function
Introduction When developing the automated SOC workflows for the NVISO Managed SOC and the additional NITRO services on Cortex XSOAR, we have started to make use of automations to do complex tasks instead of playbooks. Automations have much better performances and, if your team has a decent level of Python skills, developing complex tasks in … Continue reading Cortex XSOAR Tips & Tricks – Execute Command Function
Cortex XSOAR Tips & Tricks
Introduction With our Managed Detect and Respond (MDR) service, NVISO provides a managed Security Operations Center (SOC) for a large variety of clients across different industries. Since the beginning of this service, we had an “automate first” principle where we tried to automate as much of the repetitive tasks of the SOC analysts as possible, … Continue reading Cortex XSOAR Tips & Tricks
Automated spam detection in Palo Alto Cortex XSOAR
Introduction With our Managed Detect and Respond (MDR) service at NVISO we provide a managed Security Operations Center (SOC) for a large variety of clients across different industries. In our SOC, we rely heavily on automations performed by our SOAR platform Palo Alto Cortex XSOAR to minimize the manual tasks that need to be done … Continue reading Automated spam detection in Palo Alto Cortex XSOAR
Phish, Phished, Phisher: A Quick Peek Inside a Telegram Harvester
In one of the smaller campaigns we monitored last month (September 2021), the threat actor inadvertently exposed Telegram credentials to their harvester. This opportunity provided us some insight into their operations; a peek behind the curtains we wanted to share.
Going beyond traditional metrics: 3 key strategies to measuring your SOC performance
Establishing a Security Operation Center is a great way to reduce the risk of cyber attacks damaging your organization by detecting and investigating suspicious events derived from infrastructure and network data. In traditionally heavily regulated industries such as banking, the motivation to establish a SOC is often further complimented by a regulatory requirement. It is … Continue reading Going beyond traditional metrics: 3 key strategies to measuring your SOC performance
