Accelerating incident response in Cortex XSOAR through packet captures

Automation is the key to successful incident response. However, when an issue moves beyond automation or requires analysts to step in, seamless access to network packet data is critical.

Cortex XSOAR (previously Demisto) excels at data collection and decision making when responding to incidents. Cataloging and analyzing captures by adding CloudShark integration to your playbook lets your team get the details they need, with the right context, to enhance and accelerate SIEM automation.

In this video, Pramukh Ganeshamurthy, Product Managing and Marketing for Cortex XSOAR, and Tom Peterson, Senior Technical Specialist at CloudShark present a special session covering:

Adding packet capture to your playbook from multiple sources
Organizing captures for secure, easy searching and retrospective analysis
How to get your whole team working together on packet capture analysis during case management through DBot, in the war room, and more.

Read our solution brief with Palo Alto Cortex XSOAR for an overview of how it works and the benefits for security analysts!

Photo credit Enrico Mantegazza via Unsplash

Want articles like this delivered right to your inbox?

No spam, just good networking

Webinars