DFLabs and Jira: Streamline Incident Management and Issue Tracking - INTEGRATION BRIEF
INTEGRATION BRIEF DFLabs and Jira: Streamline Incident Management and Issue Tracking. Integrate IncMan SOAR’s Orchestration, Automation and Response capabilities with your existing Jira solution.
Security Operations Teams struggle to gain visibility of threats and rapidly respond to incidents.

Solution Overview.
Combine the power of IncMan SOAR’s Orchestration, Automation and Response capabilities with Jira’s industry leading issue tracking software to manage your security incidents in a whole new and more efficient way.

IncMan’s Rapid Response Runbooks (R³ Runbooks) can be used to automatically create issues within Jira and continue to update the issue as the incident progresses. Bridge the gap between teams orchestrating incidents with IncMan and teams tracking other tasks with Jira to ensure that all teams maintain a holistic view of the incident and function as a single, unified body.

The Problem.
Security incidents are complex and dynamic events, requiring the coordinated participation from multiple teams across the organization. For these teams to work with maximum efficiency, as a single body, it is critical that information flow seamlessly between all teams in real-time.

Faced with a continued onslaught of security incidents, organizations must find ways to maximize the utilization of their limited resources to remain ahead of the attackers and ensure the integrity of the organization’s critical resources.

The DFLabs and Jira Solution.
Security Operations Teams struggle to gain visibility of threats and rapidly respond to incidents due to the sheer number of different security technologies they must maintain and manage and the resulting flood of alerts. Aggregating these into a single pane of glass to prioritize what is critical and needs immediate attention requires a platform that can consolidate disparate technologies and alerts, and provides a cohesive and comprehensive capability set to orchestrate incident response efforts.

DFLabs IncMan SOAR and Jira solve these specific challenges:
• How can I aggregate and correlate disparate security sources to increase my visibility of threats and effectively investigate alerts and incidents?
• How can I prioritize my response to security incidents at volume and at scale across a growing attack surface?
• How can I rapidly respond to security incidents with limited resources to contain damage and limit legal exposure?

Combining IncMan SOAR, Jira and other security products enables Enterprises to:
• Reduce incident resolution time by 90%
• Maximize security analyst efficiency by 80%
• Increase the number of handled incidents by 300%

By integrating with Jira, IncMan SOAR extends these capabilities to Jira users, combining the Orchestration, Automation and Response power of IncMan with the organization’s existing issue tracking process.
DFLabs IncMan SOAR Overview.
[Figure: DFLabs IncMan SOAR overview diagram]

CHALLENGES
• How can I ensure that all teams have the most up-to-date incident information?
• How can I integrate the power of IncMan SOAR into my existing issue management process?
• How can I enable all teams to work as a single, unified body to increase the efficiency of the response process?
• How can I quickly communicate critical information to those outside the security team?

DFLABS AND JIRA SOLUTION
• Automatically create and update Jira issues using IncMan’s R³ Rapid Response Runbooks
• Share information seamlessly between solutions and teams
• Integrate with your existing issue management process

RESULTS
• Reduce Incident resolution time by 90%
• Maximize security analyst efficiency by 80%
• Increase the number of resolved incidents by 300%

About Jira.
Jira’s industry leading issue tracking solution has been battle-tested and become the core of organization’s support, IT, incident response and project management processes worldwide. Jira allows teams from across the organization to collaborate and share information to plan, track and report projects and issues in real-time, maximizing efficiency and reducing impacts on the organization’s critical business processes.

About DFLabs IncMan SOAR.
DFLabs IncMan Security Orchestration, Automation and Response (SOAR) platform automates, orchestrates and measures security operations and incident response tasks, including threat validation, triage and escalation, context enrichment and threat containment.

IncMan uses machine learning and Rapid Response Runbooks (R³ Runbooks) as a force multiplier that has enabled security teams to reduce average incident resolution times by 90% and increase incident handling by 300%.
Use Case.
An alert of a host communicating with a potentially malicious domain has automatically generated an Incident within IncMan SOAR. This alert is automatically categorized within IncMan based on the organization’s policies, which initiates the organization’s Domain reputation runbook, shown below.

Through this runbook, IncMan automatically gathers domain reputation information for the domain which generated the alert. If the resulting domain reputation information indicates that the domain may be malicious, IncMan will use a Notification action to automatically create a new Issue within Jira, allowing Jira users to immediately begin next steps.

Next, using additional Enrichment actions, IncMan will automatically gather additional information regarding the suspicious domain, such as WHOIS and geolocation information. IncMan will then automatically update the Jira issue with this information. Finally, a screenshot of the page (if applicable) is taken and added to IncMan.

The automated workflow of IncMan’s R³ Runbooks means that an IncMan incident and Jira issue will have been automatically generated, and these enrichment actions through the Quick Integration Connector with Jira and other enrichment sources will have already been committed before an analyst is even aware that an incident has occurred.

Both IncMan and Jira users are now able to perform their respective tasks, knowing that they are each working with the same information, and can continue to do so as the incident progresses.

Harnessing the power of Jira’s industry leading issue tracking solution, along with the Orchestration, Automation and Response of DFLabs’ IncMan SOAR, organizations can elevate their incident response process, leading to faster and more effective response and reduced risk across the entire organization.

JIRA ACTIONS
Notifications
• Add comment to Issue
• Create Issue
• Delete Issue
• List Issue Status
• List Issue Types
• List Project
• Set Issue Status
• Update Issue

LEARN MORE
For more information on how to take your incident response to the next level with DFLabs IncMan, contact your DFLabs representative or visit www.dflabs.com.
About DFLabs.
DFLabs is an award-winning and recognized global leader in Security Orchestration, Automation and Response (SOAR) technology.

Its pioneering purpose-built platform, IncMan SOAR, is designed to manage, measure and orchestrate security operations tasks, including security incident qualification, triage and escalation, threat hunting & investigation and threat containment.

IncMan SOAR harnesses machine learning and automation capabilities to augment human analysts to maximize the effectiveness and efficiency of security operations teams, reducing the time from breach discovery to resolution and increasing the return on investment for existing security technologies.

As its flagship product, IncMan SOAR has been adopted by Fortune 500 and Global 2000 organizations worldwide.

The company’s management team has helped shape the cyber security industry, which includes co-editing several industry standards such as ISO 27043 and ISO 30121.

DFLabs has operations in Europe, North America and EMEA.

For more information visit www.dflabs.com or connect with us on Twitter @DFLabs.

CONTACT US
US – +1 201 579 0893
UK – +44 203 286 4193
IT – +39 037 832 416
E – sales@dflabs.com

About LogPoint.
LogPoint enables organizations to convert data into actionable intelligence, improving their cybersecurity posture and creating immediate business value.

Our advanced next-gen SIEM, UEBA and Automation and Incident Response solutions, simple licensing model, and market-leading support organization empower our customers to build, manage and effectively transform their businesses.

We provide cybersecurity automation and analytics that create contextual awareness to support security, compliance, operations, and business decisions.

Our offices are located throughout Europe and in North America.

Our passionate employees throughout the world are achieving outstanding results through consistent customer value-creation and process excellence.

With more than 50 certified partners, we are committed to ensuring our deployments exceed expectations.

For more information visit www.logpoint.com or connect with us on Twitter @LogPoint.