Splunk phantom soar

Intezer connector for Splunk SOAR enables security teams to automate the analysis, detection, and response of threats by integrating Intezer's technology into their Splunk workflows.

Utilizing Intezer Automated Triage in SOAR Workflows

Intezer's investigation data can enhance your workflows in the following ways:

- Enrichment: Intezer's assessment provides valuable information to enrich your existing tickets or cases, adding deeper context to the investigation and response process.
- Resolving False Positives: Intezer's assessment helps automatically resolve or de-prioritize tickets identified as false positives, reducing noise and allowing your team to focus on genuine threats.
- Escalation of Urgent Incidents: If Intezer determines an incident as high urgency (e.g., ransomware, potentially targeted), you can trigger immediate notifications to ensure prompt team alerting. Non-escalated alerts can be reviewed periodically.
- Remediation: Leverage Intezer's recommended remediation actions like blocking IOCs or resetting user credentials.

For more information, refer to the "Leveraging Intezer's Smart Decision Making in Your SOAR" article.

Supported actions:

- test_availability - Test connection to Intezer.
- detonate_file - Analyze a file from Splunk vault with Intezer.
- detonate_hash - Analyze a file hash (SHA1, SHA256, or MD5) with Intezer.
- get_file_report - Get a file analysis report based on an analysis ID or a file hash.
- detonate_url - Analyze a suspicious URL with Intezer.
- get_url_report - Get a URL analysis report based on a URL analysis ID.
- get_alert - Get an ingested alert triage and response information using alert ID.
- index_file - Index the file's genes into the organizational database.
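The routing decisions the workflow section describes (close false positives, enrich, escalate urgent incidents, leave the rest for periodic review), plus the hash-format check a playbook should run before calling detonate_hash, as an added example; this is illustrative code, not the connector's own, and the Assessment fields are assumed names rather than Intezer's schema.

```python
import re
from dataclasses import dataclass

# Hex digest lengths for the hash types the detonate_hash action accepts.
HASH_PATTERNS = {
    "md5": re.compile(r"[0-9a-f]{32}", re.I),
    "sha1": re.compile(r"[0-9a-f]{40}", re.I),
    "sha256": re.compile(r"[0-9a-f]{64}", re.I),
}

def classify_hash(value):
    """Return 'md5', 'sha1' or 'sha256' for a well-formed digest, else None."""
    candidate = value.strip()
    for name, pattern in HASH_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return name
    return None

@dataclass
class Assessment:
    """Constructed stand-in for an Intezer result; field names are assumptions."""
    alert_id: str
    verdict: str           # "trusted", "suspicious", "malicious" or "unknown"
    urgent: bool = False   # e.g. ransomware or a potentially targeted attack
    iocs: tuple = ()       # indicators the remediation step could block

def route(a):
    """Map one assessment to the ticket outcome the workflow section describes."""
    if a.verdict == "trusted":
        return {"alert_id": a.alert_id, "outcome": "close_false_positive", "notify": False}
    if a.verdict == "malicious":
        return {"alert_id": a.alert_id, "outcome": "escalate" if a.urgent else "enrich",
                "notify": a.urgent, "block_iocs": list(a.iocs)}
    if a.verdict == "suspicious":
        return {"alert_id": a.alert_id, "outcome": "enrich", "notify": False}
    # Unknown or unsupported: keep open for periodic analyst review, never auto-close.
    return {"alert_id": a.alert_id, "outcome": "review_periodically", "notify": False}

def triage(assessments):
    """Count outcomes over a batch: the summary a playbook would log."""
    counts = {}
    for a in assessments:
        outcome = route(a)["outcome"]
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts

# Constructed sample batch (not real alerts or indicators).
SAMPLE = [
    Assessment("A-1", "trusted"), Assessment("A-3", "malicious"),
    Assessment("A-2", "malicious", urgent=True, iocs=("c2.example.invalid",)),
    Assessment("A-4", "suspicious"), Assessment("A-5", "unknown"),
]
```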