XSOAR Inspector

Mr Audit Inspector
Playbook reference
XSOAR Architecture: Audit PB & Integration

Inspiration

More Developers, More Alterations, More Controls

What it does

XSOAR Audit Integration fetches and dumps the user audit logs. Then, the Audit Inspector playbook generates the XSOAR Audit report for deleted/modified content, that is sent over email to XSOAR Administrators or Content owners.

How we built it

We have multiple teams and dedicated Tenant/Client owners for the XSOAR content. There were ongoing challenges in tracking the content changes and similar requests were received from Tenant owners/client as well. To address this, we have created the XSOAR Audit integration that will fetch and ingest the user audit logs for all tenants. Then, the XSOAR Audit playbook will run as a JOB on top of XSOAR Audit integration to generate the report for deleted content from XSOAR.

Challenges we ran into

Ingesting and parsing XSOAR Audit logs in SIEM.
Generating Audit reports via Playbook.

Accomplishments that we are proud of

We were able to resolve the client challenges and enabled them to meet the compliance requirements.

What we learned

We explored varied XSOAR API use cases and learned the usage of DT in our playbook related tasks.

What's next for XSOAR Inspector

We will be using it as a part of our Tenant Creation checklist, so that our clients and XSOAR Tenant owners can track the content level changes.

Built With

json
python
rest
xsoar

Updates

Mohan Mittal started this project — Sep 17, 2020 05:40 AM EDT

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.