Today, most enterprise customers have a manual Swivel-Chair Enrichment processes where Level 1 or Level 2 incident handlers within the security operation center are Swivel-Chairing and logging into external systems. An example is to perform observable look up in RecordedFuture or an IOC look up in VirusTotal or CrowdStrike and so on.
To help SOC analysts to automatically enrich newly created security incidents, Loginsoft has built the integration for Thirdparty Intelligence source with ServiceNow which now allows a Level 1 or Level 2 incident handlers to speed up incident response by performing automatic Threat Lookups, observable lookups, get network statistics and so on for a particular endpoint.
In the below case, IP address is automatically parsed and shown as Malicious from a Threat Intelligence source by performing Automatic Threat Look Up.
The Threat Lookup Results shows from Two Threat Intelligence Sources, VirusTotal and RecordedFuture in the sample image below.
Similarly, SOC Analyst can do a Manual Look Up Observable for a Security incident by selecting the configured Sources available.
IN-HOUSE EXPERTISE
Get practical solutions to real-world challenges, straight from experts who conquered them.
View all our articles