Automation is the key to successful incident response. However, when an issue moves beyond automation or requires analysts to step in, seamless access to network packet data is critical.
Cortex XSOAR (previously Demisto) excels at data collection and decision making when responding to incidents. Cataloging and analyzing captures by adding CloudShark integration to your playbook lets your team get the details they need, with the right context, to enhance and accelerate SIEM automation.
In this video, Pramukh Ganeshamurthy, Product Managing and Marketing for Cortex XSOAR, and Tom Peterson, Senior Technical Specialist at CloudShark, present a special session covering:
- Adding packet capture to your playbook from multiple sources
- Organizing captures for secure, easy searching and retrospective analysis
- Getting your whole team working together on packet capture analysis during case management through DBot, in the war room, and more