Let's Automate It

from Josh Rickard

Investigate Alerts in Microsoft Azure Using SOAR

2019-12-18 swimlane Josh Rickard

Alerts or detections come in many forms—some are good and some are not—and security operations center (SOC) analysts are responsible for the initial investigation into these anomalies. What’s more, when it comes to cloud-based resources, we may not have the luxury of logging everything that happens on a host operating system.

Microsoft Azure helps provide quite a bit of data to assist with the initial investigation, as well as some initial response actions. If you are a tier-one or -two analyst, you probably don’t have the ability to perform a full investigation, which is typically completed by your incident response or digital forensics team. With this in mind, I would like to introduce Swimlane’s new Microsoft Azure Use Case for just this situation.


Swimlane and Cylance PROTECT: Endpoint Threat Response

2019-10-18 swimlane Josh Rickard

Swimlane and BlackBerry Cylance have partnered to offer a new use case that combines the power of security orchestration, automation and response (SOAR) with Cylance PROTECT's integrated threat prevention solution. The Proactive Endpoint Threat Response use case uses our integration to respond proactively to detections raised by Cylance PROTECT. By ingesting detections from Cylance PROTECT, Swimlane can automate and orchestrate their enrichment through multiple open source intelligence (OSINT) platforms, proactively identifying malicious files that are similar or related to a specific variant identified by Cylance.