See all the actions in one place
You log into your XSOAR Incident Overview dashboard. With a bird’s-eye view, you see a few critical incidents.
Let’s dig deeper.
Gain total threat transparency
The Ivanti CVEs and their related incidents are listed in the Threat Landscape Overview dashboard. These zero-day vulnerabilities are all over the news, and both you and your manager are worried about how they might impact the business.
You click on an incident link for more context.
Rapidly assess impact
The Incident dashboard gives you a quick summary, with details such as type, severity and status. You quickly infer when the incident happened and report this to your manager.
You click the incident ID number to drill deeper.
Put everything at your fingertips
Here, you see every indicator associated with the incident.
The Playbook Description details how XSOAR extracted a total of 23 indicators and analyzed them for valuable insights.
With these insights, you can quickly decide if you need to block them from propagating across your network.
Be ready with in-depth information
You select an indicator to learn more about it in the quick view panel. Here, you see information on sources and other details.
This view gives you all relevant information needed to make quick decisions.
View actionable threat intel
For more in-depth analysis of the indicators, you can navigate to the Threat Intel page. Here, you get more context about the indicator from external threat reports, Unit 42 analyses and other incidents where the indicator was observed.
Armed with this information, you are ready to take action.
Take a quick, targeted response
Back in the incident, you go to the Analyst Tools tab, where quick action buttons are available for rapid responses. You can create these buttons to accelerate incident response actions, which kick off automatically once the button is clicked.
You decide to review the DIG DNS Lookup action.
Run customized, automated scripts
You review the script and it looks good. You go back to the incident.
XSOAR comes with thousands of automation scripts like this one for use in playbook tasks or real-time commands in the War Room. From automation scripts to dashboards, everything in XSOAR is easily customized to suit your needs.
Respond to threats in real time
Next, you move to the War Room tab and tag the suspicious indicator you just reviewed as evidence.
In the War Room, you can execute real-time actions across your tools seamlessly, eliminating the need to switch consoles.
You can also communicate in real time with your peers while investigating an incident.
Review playbook actions
Within the Work Plan tab, you'll find the playbook that was run against this incident to extract, label and connect indicators automatically. It then runs threat-hunting queries across various sources and carries out remedial actions, such as blocking the indicator and preventing lateral movement by the attacker.
You have the option to trigger additional playbooks for further actions if required.
Easily customize playbooks
You decide to review the playbook that was executed for this incident. You can modify XSOAR playbooks out of the box or create them from scratch.
No changes were required in this case, so you pivot back to the incident.
Collect and review evidence in one place
Under the Evidence Board tab, you will find the indicators and other evidence that you flagged earlier in the War Room.
You can use this evidence to track relevant details needed for reports and stakeholder presentations.
Simplify communications
Using the Email Communications content pack, you and your team interact with other stakeholders to update them on your investigation into the Ivanti vulnerabilities. You also include key details regarding the investigation of the incident itself.
Close incident tickets with ease
Finally, it's time to close the incident.
You can open, edit and close incident tickets from within XSOAR. There is no need to pivot to ServiceNow, Jira, Remedy, Slack or other tools.
Take total control over every job
To stay ahead of the curve in the future, you decide to create jobs. In the Jobs dashboard, you can manage the automated playbook associated with the Ivanti vulnerabilities.
This is where you can run or pause playbooks, schedule health checks, monitor for future occurrences or engage in proactive threat hunting.
Deploy turnkey content for any security use case
With another incident closed, you head over to the Cortex XSOAR Marketplace, where you can discover, exchange and contribute to security automation playbooks.
With 1000+ packs contributed by SecOps experts and the world’s largest SOAR community, you can scale your operations with confidence.
Take control of your SecOps, with XSOAR
Your time is valuable and in short supply. Spend it wisely in the SOC.
Scale your operations and accelerate response times…
…without increasing headcount or burning out your existing staff.
Stay one step ahead of threats impacting your network.
Leverage automation beyond the SOC to optimize efficiency across your security operations.
We’ve seen the benefits of automation countless times throughout our own Palo Alto Networks SOC and XSOAR customer environments.
Get more security done. With Cortex XSOAR.
Let your security analysts focus on what they do best. Let automation handle the rest.
Transform your SOC with Cortex XSOAR.