Use Case: Centralise Events
Overview:
The overall process provides the capability of collecting incidents and alerts from various tools and either ingesting them into a SIEM or integrating them with a ticketing system, for visibility and efficiency.
The process has therefore been split into separate automation flows, one per tool / source of events. The template of each flow can be downloaded and applied separately.
The following tools have been templated and are available for download:
- Microsoft Defender
- Proofpoint Threat Response
- AWS Security Hub - Guard-Duty
- Vectra AI
- Sophos Central
- Jira Ticketing System
Templates:
- Microsoft Defender: template contains both SIEM and Ticket creation examples: Download template
- Proofpoint Threat Response: template contains both SIEM and Ticket creation examples: Download template
- AWS Security Hub - Guard-Duty: template contains both SIEM and Ticket creation examples: Download template
- Vectra AI: connect and collect new incidents and create tickets: Download template
- Sophos Central: template contains both SIEM and Ticket creation examples: Download template
- Jira Ticket Creation: all of the above templates require this flow when creating Jira tickets: Download template
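The pattern the templates share is a fan-in: each source-specific flow normalises its tool's alerts into one common event shape, every event goes to the SIEM, and the shared Jira flow is called only for the events that need a ticket. The following Python sketch is an added example of that pattern; it is not one of the downloadable templates and does not use any real tool API. The raw payload field names for Defender, GuardDuty and Sophos, the common event schema, the severity-to-ticket policy and the Jira project key `SEC` are all assumptions, and the sample alerts are constructed.

```python
"""Fan-in of alerts from several source tools into a common event, then SIEM / Jira.

Added example, not one of the page's templates. Source payload fields, the common
schema, the ticketing policy and the Jira project key are assumptions.
"""
import json
from dataclasses import dataclass, asdict
from typing import Callable, Dict, List


@dataclass
class Event:
    source: str
    source_id: str
    title: str
    severity: str      # normalised to one of low / medium / high / critical
    asset: str
    observed_at: str   # timestamp as received from the tool


# --- per-source adapters: one per automation flow on the page (field names assumed)
def from_defender(alert: dict) -> Event:
    return Event("microsoft-defender", alert["id"], alert["title"],
                 alert["severity"].lower(), alert["deviceName"], alert["createdTime"])


def from_guardduty(finding: dict) -> Event:
    # Assumed numeric severity score; map it onto the common label set
    score = float(finding["Severity"])
    sev = "low" if score < 4 else "medium" if score < 7 else "high"
    return Event("aws-guardduty", finding["Id"], finding["Title"], sev,
                 finding["Resource"]["InstanceId"], finding["CreatedAt"])


def from_sophos(alert: dict) -> Event:
    return Event("sophos-central", alert["id"], alert["description"],
                 alert["severity"].lower(), alert["managedAgent"]["name"], alert["raisedAt"])


ADAPTERS: Dict[str, Callable[[dict], Event]] = {
    "microsoft-defender": from_defender,
    "aws-guardduty": from_guardduty,
    "sophos-central": from_sophos,
}

TICKET_SEVERITIES = {"high", "critical"}   # assumed policy: open a ticket only for these


def siem_record(ev: Event) -> str:
    """One JSON line per event, the shape a SIEM collector ingests."""
    return json.dumps(asdict(ev), sort_keys=True)


def jira_issue(ev: Event, project_key: str = "SEC") -> dict:
    """Body handed to the shared Jira ticket-creation flow (fields assumed)."""
    return {"fields": {"project": {"key": project_key},
                       "issuetype": {"name": "Incident"},
                       "summary": f"[{ev.source}] {ev.title} on {ev.asset}",
                       "description": siem_record(ev),
                       "labels": [ev.source, f"sev-{ev.severity}"]}}


def centralise(batches: Dict[str, List[dict]]) -> dict:
    """Normalise every raw alert, drop repeats of the same (source, id), send all
    events to the SIEM and open tickets only for severities above the threshold."""
    seen = set()
    siem_lines, tickets = [], []
    for source, raws in batches.items():
        adapt = ADAPTERS[source]
        for raw in raws:
            ev = adapt(raw)
            key = (ev.source, ev.source_id)
            if key in seen:          # same alert collected twice: one SIEM line, one ticket
                continue
            seen.add(key)
            siem_lines.append(siem_record(ev))
            if ev.severity in TICKET_SEVERITIES:
                tickets.append(jira_issue(ev))
    return {"siem": siem_lines, "tickets": tickets}


# Constructed sample alerts in the assumed payload shapes (not real tool output)
SAMPLE = {
    "microsoft-defender": [
        {"id": "da1", "title": "Suspicious PowerShell", "severity": "High",
         "deviceName": "ws-042", "createdTime": "2024-05-01T10:00:00Z"},
        {"id": "da1", "title": "Suspicious PowerShell", "severity": "High",
         "deviceName": "ws-042", "createdTime": "2024-05-01T10:00:00Z"},   # duplicate pull
    ],
    "aws-guardduty": [
        {"Id": "gd7", "Title": "Unusual API call", "Severity": 2.0,
         "Resource": {"InstanceId": "i-0abc"}, "CreatedAt": "2024-05-01T10:05:00Z"},
    ],
    "sophos-central": [
        {"id": "sc3", "description": "Malware detected", "severity": "medium",
         "managedAgent": {"name": "srv-db1"}, "raisedAt": "2024-05-01T10:07:00Z"},
    ],
}

if __name__ == "__main__":
    out = centralise(SAMPLE)
    print("\n".join(out["siem"]))
    print(json.dumps(out["tickets"], indent=2))
```

Running the sample produces three SIEM lines (the repeated Defender alert is collapsed) and a single Jira payload, because only the Defender alert meets the assumed ticketing threshold. Adding another source is one more adapter in `ADAPTERS`; the SIEM and ticket steps stay untouched, which is the reason the page keeps the Jira flow as a separate template.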
Benefits:
- Automation: Eliminates the need to log in to various tools to review alerts and incidents.
- Efficiency: Streamlines the monitoring and management of installed applications and services.
- Scalability: As more tools are introduced to an environment as additional monitoring layers, this process scales to handle a large volume of incidents and alerts efficiently.