Streamlining Security Operations with Intezer and Splunk SOAR Integration

The Intezer and Splunk SOAR integration makes it easier to quickly detect, classify, and investigate malware threats. By leveraging Splunk's enlightened Security Orchestration, Automation and Response (SOAR) platform, organizations can quickly and easily automate and analyze security events from third-party systems, endpoint detections, or malware activity. As part of the integration, Splunk SOAR can run Intezer’s AI-powered malware analysis system to quickly identify known and unknown threats in real time. Instantly gaining a bird’s-eye view of the risk profile of a given threat can help SOC teams prioritize incidents and make more informed decisions about the preventive and detective controls they need to implement to secure their environment. Underpinning the Intezer-Splunk integration is the Analysis-as-a-Service technology provided by Intezer, which enables organizations to generate threat intelligence in milliseconds and continuously monitor their external-facing assets for unexpected anomalies and malicious behavior. In addition to analyzing known and unknown malware samples, the integration also allows SOC teams to paint a comprehensive picture of the threats and vulnerabilities they face. Splunk SOAR can be extended to include sandbox results, providing a holistic view of the threats, the
Link: https://intezer.com/blog/alert-triage/intezer-and-splunk-soar-integration/

