Inspiration - We noticed that, when we gave XDR demos or had XDR conversations, clients would often ask us what response actions XDR can take. We also noticed that other EDR tools did not provide similar functionality.
What it does - We have created a Playbook in XSOAR that identifies when a user has attempted to install malware, emails the end user, and then isolates the machine. It then sends an email to the IT Security team notifying them of the activity.
How we built it - We built a Playbook in XSOAR, created email accounts to mock the scenario, and also detonated malware on an Endpoint to simulate this.
Challenges we ran into - We had to modify the Playbook several times to get it to function properly.
Accomplishments that we're proud of - This is a demo scenario that other SEs can use; with just one example we can show the value of XDR and XSOAR together. This is an idea that is ready to be delivered to customers with little to no development time.
What we learned - How the integration between XDR and XSOAR really works and the intricacies involved in the integration.
What's next for - Continue capturing ideas and building this playbook out further.
https://github.com/demisto/content/pull/9203