More Developers, More Alterations, More Controls
What it does
XSOAR Audit Integration fetches and dumps the user audit logs. Then, the Audit Inspector playbook generates the XSOAR Audit report for deleted/modified content, which is sent over email to XSOAR Administrators or Content owners.
How we built it
We have multiple teams and dedicated Tenant/Client owners for the XSOAR content. Tracking content changes was an ongoing challenge, and Tenant owners/clients had raised similar requests as well. To address this, we created the XSOAR Audit integration, which fetches and ingests the user audit logs for all tenants. The XSOAR Audit playbook then runs as a Job on top of the XSOAR Audit integration to generate the report of content deleted from XSOAR.
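As an added illustration (not the project's own code), this is the core of the Audit Inspector step: reducing fetched audit entries to content deletions and modifications, grouping them per user, and rendering a Markdown body that a playbook could e-mail to tenant owners. The record layout (`action`, `type`, `name`, `user`, `modified` keys) and the sample entries are constructed assumptions for the example, not the real XSOAR audit schema.

```python
from collections import defaultdict
from datetime import datetime
# Constructed sample audit entries. Field names are an assumption for this
# illustration, not the actual XSOAR audit log schema.
SAMPLE_AUDITS = [
    {"action": "delete", "type": "playbook", "name": "Phishing Triage",
     "user": "alice", "modified": "2024-03-01T09:15:00Z"},
    {"action": "modify", "type": "script", "name": "EnrichIOC",
     "user": "bob", "modified": "2024-03-01T10:02:00Z"},
    {"action": "create", "type": "playbook", "name": "New Onboarding",
     "user": "carol", "modified": "2024-03-01T10:30:00Z"},
    {"action": "delete", "type": "script", "name": "OldParser",
     "user": "alice", "modified": "2024-03-02T08:00:00Z"},
    {"action": "login", "type": "user", "name": "dave",
     "user": "dave", "modified": "2024-03-02T08:05:00Z"},
]

CONTENT_TYPES = {"playbook", "script", "integration", "layout", "classifier"}
REPORTABLE_ACTIONS = {"delete", "modify"}

def select_content_changes(audits, since=None):
    """Keep only deletions/modifications of content items, optionally at or after `since`."""
    selected = []
    for entry in audits:
        if entry.get("action") not in REPORTABLE_ACTIONS:
            continue  # creates, logins etc. are not reported to content owners
        if entry.get("type") not in CONTENT_TYPES:
            continue  # user/session records are not content
        ts = datetime.fromisoformat(entry["modified"].replace("Z", "+00:00"))
        if since is not None and ts < since:
            continue  # outside the reporting window of this Job run
        selected.append({**entry, "ts": ts})
    return sorted(selected, key=lambda e: e["ts"])

def build_report(changes):
    """Group by user and count per action so owners can see who changed what."""
    report = defaultdict(lambda: {"delete": 0, "modify": 0, "items": []})
    for c in changes:
        report[c["user"]][c["action"]] += 1
        report[c["user"]]["items"].append(f'{c["action"]} {c["type"]} "{c["name"]}"')
    return dict(report)

def render_markdown(report):
    """Markdown table used as the e-mail body sent to tenant owners."""
    lines = ["| User | Deleted | Modified | Items |", "|---|---|---|---|"]
    for user in sorted(report):
        r = report[user]
        lines.append(f'| {user} | {r["delete"]} | {r["modify"]} | {"; ".join(r["items"])} |')
    return "\n".join(lines)
```

Passing the timestamp of the previous Job run as `since` turns this into an incremental report, so each e-mail covers only changes made since the last one.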
Challenges we ran into
- Ingesting and parsing XSOAR Audit logs in SIEM.
- Generating Audit reports via Playbook.
Accomplishments that we are proud of
We were able to resolve the client challenges and enable them to meet their compliance requirements.
What we learned
We explored varied XSOAR API use cases and learned how to use DT in our playbook-related tasks.
What's next for XSOAR Inspector
We will use it as part of our Tenant Creation checklist, so that our clients and XSOAR Tenant owners can track content-level changes.