IntSights for Demisto Integration Benefits · 2020-04-17 · IntSights for Demisto Automated Threat...



IntSights for Demisto

Automated Threat Intelligence and Response

Today’s security landscape has no lack of data, but sifting through that data for focused and relevant threat information is a challenge. SOCs often miss potential threats that can impact their organizations because their time is consumed by correlating context across sources, manual processes, and a high volume of irrelevant alerts. Security teams need a platform that can centralize threat intelligence across sources and harness that information to drive response across security environments. To meet these challenges, users can combine the comprehensive tailored threat intelligence of IntSights with the security orchestration and automation features of Demisto to improve threat visibility and accelerate incident response.

Integration Overview: How It Works

• Ingest aggregated tailored digital footprint alerts from IntSights into Demisto and trigger playbooks to enrich and respond to those alerts.

• Enrich IntSights alert context from within Demisto by adding tags, comments, and severity changes as automated tasks.

• Access IntSights IOC lists and blocklists from Demisto in real time.

• Search for alert details, alert activities, and IOCs in IntSights from within Demisto.

• Leverage hundreds of Demisto product integrations to further enrich IntSights digital footprint intelligence and coordinate response across security functions.

• Run thousands of commands (including for IntSights) interactively via a ChatOps interface while collaborating with other analysts and Demisto’s chatbot.

Integration Benefits

• Harness rich, aggregated threat intelligence from IntSights in Demisto for automated, playbook-driven response.

• Further enrich IntSights data with intelligence from other security tools via Demisto’s orchestration.

• Improve analyst efficiency by centralizing collaboration, investigation, and documentation.

• Shorten decision-making cycle by automating key tasks with analyst review.

Compatibility

• Products: Demisto Enterprise, IntSights External Threat Protection Suite

Visit: Intsights.com Call: +1 (800) 532-4671 Email: [email protected]


Use Case: Automated Threat Enrichment and Response

Challenge: The disparate nature of threat intelligence and incident response tools can make it tough for SOC teams to track the lifecycle of an incident, because analysts must move between screens, work with fragmented information, and lack single-window documentation. Incident response also often involves a host of important but repetitive actions that analysts need to perform, which leaves them too little time for actual problem-solving and decision-making.

Solution: SOCs using IntSights for threat intelligence and digital risk protection alongside Demisto Enterprise for security orchestration and incident response can automate alert ingestion and IOC enrichment through Demisto playbooks. These playbooks will receive alerts and indicator intelligence from IntSights, and use that information to execute actions across the entire stack of products used by SOCs.

For example, analysts can leverage IntSights to get IOC lists, modify alert severity, and update IOC blocklist status as automatable playbook tasks within Demisto.

Benefit: Demisto playbooks coupled with IntSights actions can standardize and speed up triage and resolution of security alerts. Analysts get a comprehensive view of the response workflow on a single screen. With repeatable tasks now automated, analyst time is freed up for deeper investigation and strategic action.


About IntSights

IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the clear, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world. IntSights has offices in Amsterdam, Boston, Singapore, Tokyo, New York, Dallas, and Tel Aviv. To learn more, visit: https://www.intsights.com.

About Demisto

Demisto is the only Security Orchestration, Automation, and Response (SOAR) platform that combines security orchestration, incident management, and interactive investigation to serve security teams across the incident lifecycle. Our orchestration engine coordinates and automates tasks across 100s of partner products, resulting in an increased return on existing security investments. Demisto enables security teams to reduce Mean Time to Response (MTTR), create consistent incident management processes, and increase analyst productivity. For more information, visit www.demisto.com or email [email protected].
