Use Case: Centralise Events

Overview:

The overall process provides the capability of collecting incidents and alerts from various tools and either ingesting them into a SIEM or integrating them with a ticketing system, for visibility and efficiency.

The process has therefore been split into separate automation flows, one per tool / source of events. The template for each flow can be downloaded and applied separately.
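The following is an added example, not part of this page or its downloadable templates, of what such a flow does internally: alerts from several tools are mapped to one common record, de-duplicated, written to a SIEM sink as JSON lines and, above a severity floor, turned into a Jira "create issue" payload through one shared function (mirroring the single Jira flow the templates share). The raw alert field names, sample alerts, severity mapping and project key are all constructed assumptions, not the vendors' real schemas.

```python
"""Added example: a minimal 'centralise events' pipeline (constructed, not
vendor code). Raw alert shapes below are illustrative assumptions."""
import hashlib
import json
from datetime import datetime, timezone

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
JIRA_PRIORITY = {1: "Low", 2: "Medium", 3: "High", 4: "Highest"}


# One adapter per source maps a raw alert (assumed shape) onto the common
# schema; supporting a new tool means adding one function here.
def from_defender(raw):
    return {"source": "Microsoft Defender", "source_id": raw["id"],
            "title": raw["title"], "severity": raw["severity"].lower(),
            "asset": raw["device"], "observed": raw["createdTime"]}


def from_guardduty(raw):
    s = raw["severity"]  # assumed numeric 0-8.9 scale mapped to words
    word = "high" if s >= 7 else "medium" if s >= 4 else "low"
    return {"source": "AWS Security Hub - GuardDuty", "source_id": raw["findingId"],
            "title": raw["type"], "severity": word,
            "asset": raw["resource"], "observed": raw["updatedAt"]}


def from_sophos(raw):
    return {"source": "Sophos Central", "source_id": raw["alert_id"],
            "title": raw["description"], "severity": raw["level"].lower(),
            "asset": raw["endpoint"], "observed": raw["when"]}


ADAPTERS = {"defender": from_defender, "guardduty": from_guardduty,
            "sophos": from_sophos}


def fingerprint(event):
    """Stable key so one alert collected twice does not open two tickets."""
    key = f"{event['source']}|{event['source_id']}"
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def to_siem_line(event):
    """One JSON line per event, the form most SIEM collectors accept."""
    rec = dict(event, fingerprint=fingerprint(event),
               severity_rank=SEVERITY_RANK[event["severity"]],
               ingested=datetime.now(timezone.utc).isoformat())
    return json.dumps(rec, sort_keys=True)


def to_jira_issue(event, project_key="SOC"):
    """Body for Jira's REST create-issue call (standard fields; the project
    key 'SOC' is an assumption)."""
    return {"fields": {
        "project": {"key": project_key},
        "issuetype": {"name": "Task"},
        "summary": f"[{event['source']}] {event['title']} on {event['asset']}",
        "description": json.dumps(event, indent=2),
        "priority": {"name": JIRA_PRIORITY[SEVERITY_RANK[event["severity"]]]},
        "labels": ["centralised-events", fingerprint(event)],
    }}


class Centraliser:
    """Collects alerts, dedupes on fingerprint, fans out to SIEM and tickets."""

    def __init__(self, ticket_min_severity="high"):
        self.seen = set()
        self.siem_lines = []   # stands in for the SIEM ingest endpoint
        self.tickets = []      # stands in for the shared Jira creation flow
        self.ticket_floor = SEVERITY_RANK[ticket_min_severity]

    def ingest(self, source, raw):
        event = ADAPTERS[source](raw)
        fp = fingerprint(event)
        if fp in self.seen:
            return "duplicate"
        self.seen.add(fp)
        self.siem_lines.append(to_siem_line(event))    # every alert to SIEM
        if SEVERITY_RANK[event["severity"]] >= self.ticket_floor:
            self.tickets.append(to_jira_issue(event))  # only high+ get a ticket
            return "siem+ticket"
        return "siem"


# Constructed sample alerts (not real vendor output).
SAMPLE_DEFENDER = {"id": "inc-1001", "title": "Suspicious PowerShell",
                   "severity": "High", "device": "ws-042",
                   "createdTime": "2024-05-01T10:00:00Z"}
SAMPLE_GUARDDUTY = {"findingId": "f-77", "type": "Recon:EC2/PortProbe",
                    "severity": 5.0, "resource": "i-0abc",
                    "updatedAt": "2024-05-01T10:05:00Z"}
SAMPLE_SOPHOS = {"alert_id": "a-9", "description": "Malware detected",
                 "level": "Critical", "endpoint": "lt-007",
                 "when": "2024-05-01T10:07:00Z"}


def run_demo():
    """Feeds three alerts plus one repeat; returns the populated centraliser."""
    c = Centraliser()
    for src, raw in [("defender", SAMPLE_DEFENDER), ("guardduty", SAMPLE_GUARDDUTY),
                     ("sophos", SAMPLE_SOPHOS), ("defender", SAMPLE_DEFENDER)]:
        print(src, "->", c.ingest(src, raw))
    return c
```

Running `run_demo()` shows the three outcomes a flow has to handle: the medium GuardDuty finding reaches the SIEM only, the high and critical alerts reach both sinks, and the repeated Defender incident is dropped by the fingerprint check rather than opening a second ticket. In a real flow the two list sinks are replaced by the SIEM HTTP collector and the Jira REST call.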

The below tools have been templated and are available for download:

  • Microsoft Defender
  • Proofpoint Threat Response
  • AWS Security Hub - Guard-Duty
  • Vectra AI
  • Sophos Central
  • Jira Ticketing System

Templates:

  1. Microsoft Defender: template contains both SIEM and ticket creation examples: Download template

  2. Proofpoint Threat Response: template contains both SIEM and ticket creation examples: Download template

  3. AWS Security Hub - Guard-Duty: template contains both SIEM and ticket creation examples: Download template

  4. Vectra AI: connect and collect new incidents and create tickets: Download template

  5. Sophos Central: template contains both SIEM and ticket creation examples: Download template

  6. Jira Ticket Creation: all of the above templates require this flow when creating Jira tickets: Download template

Benefits:

  • Automation: Eliminates the need to log in to each tool separately to review alerts and incidents.
  • Efficiency: Streamlines the monitoring and management of the installed applications and services.
  • Scalability: As more tools are introduced to an environment as an additional monitoring layer, the process scales to handle a large volume of incidents and alerts efficiently.

Flow previews (images not included in this extract): Microsoft Defender, Proofpoint Threat Response, AWS Security Hub - Guard-Duty, Vectra AI, Sophos Central, Jira Ticket Creation