Flashpoint - Cortex XSOAR Integration

Overview

Security teams are tasked with triaging an unmanageable number of alerts on a daily basis, attempting to decipher real threats from false positives. Many teams rely on a manual review of alerts that drains analyst resources and time, and could still leave organizations exposed because the number of alerts is overwhelming.

Manual reviews are inefficient. Analysts need an automated process of responding to alerts, one that is informed by contextualized intelligence and technical data collected from difficult-to-reach corners of the internet.

The Flashpoint & Cortex™ XSOAR Advantage

Flashpoint’s intelligence and technical data, combined with Cortex™ XSOAR’s security orchestration and automation, improve threat visibility and accelerate incident response. SOC teams leveraging this integration gain insight into illicit online communities, enabling users to correlate information related to their infrastructure, obtain information in a timely manner, and leverage connections to prioritize response.

The result is enhanced processes and internal workflows combined with context from Flashpoint’s unique access to illicit communities and technical intelligence, better equipping teams to mitigate risk to the organization.


Integrated Flashpoint Datasets

TECHNICAL DATA

Technical Indicators: Give users access to indicators of compromise (IOCs) and technical data across Flashpoint datasets, including those found in Flashpoint Finished Intelligence reports, allowing for seamless integration into users’ workflows and automated tools.

INTELLIGENCE REPORTS

Finished Intelligence: Access to analytical reports produced by our intelligence analysts. Reports cover a wide spectrum of illicit underground activity, including crimeware, fraud, emerging malware, violent extremism, and physical threats.

COMMUNITIES

Forums: Access to signal-rich discussions from illicit threat actor communities. Supplement internal data with targeted data from highly curated sources.

COMPROMISED ASSETS

Compromised Credentials Monitoring - Enterprise (CCM - E): Enables organizations to search and monitor Flashpoint’s unique collections for compromised enterprise accounts and passwords in order to flag accounts, reset employee passwords, and restrict permissions to prevent actors from accessing confidential or personally identifiable information (PII).

ALERTING

Automated Alerting: Matches conversations from illicit online communities with a client’s areas of concern, and automatically provides these matches directly to the user. Generated alerts are available in the Flashpoint Intelligence Platform, ensuring timely notifications that identify potential risks to the organization, as well as the ability to investigate further within the platform.


Key Features

  • Cortex™ XSOAR Playbooks integrated with Flashpoint Intelligence bring more context to investigations of potentially malicious IPs, URLs, domains, hashes or file names

  • Access Flashpoint Finished Intelligence to discover the tactics, techniques, and procedures (TTPs) of actors and gain a better understanding of their sophistication level and intent

  • Prioritize alerts with additional context and analysis from Flashpoint’s unique access to illicit communities and threat actor discussions

For more information contact: [email protected]