More Developers, More Alterations, More Controls

What it does

The XSOAR Audit integration fetches and stores the user audit logs. The Audit Inspector playbook then generates the XSOAR Audit report of deleted or modified content, which is emailed to XSOAR administrators or content owners.

How we built it

We have multiple teams and dedicated tenant/client owners for the XSOAR content. Tracking content changes was an ongoing challenge, and tenant owners and clients raised similar requests. To address this, we created the XSOAR Audit integration, which fetches and ingests the user audit logs for all tenants. The XSOAR Audit playbook then runs as a job on top of the XSOAR Audit integration to generate the report of content deleted from XSOAR.
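The reporting step described above, as an added example that is not the project's own code: it takes fetched audit entries, keeps only deletions and modifications of content, and renders a per-tenant plain-text report of the kind a job could email to tenant owners. The entries and their field names (tenant, user, action, type, name, time) are constructed assumptions, not the real XSOAR audit schema.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit entries. The field names are assumptions for this
# example, not the real XSOAR audit log schema.
SAMPLE_AUDIT = [
    {"tenant": "acme", "user": "alice", "action": "update", "type": "playbook",
     "name": "Phishing - Triage", "time": "2024-03-01T09:12:00+00:00"},
    {"tenant": "acme", "user": "bob", "action": "delete", "type": "integration",
     "name": "Custom Ticketing", "time": "2024-03-01T10:05:00+00:00"},
    {"tenant": "acme", "user": "alice", "action": "create", "type": "script",
     "name": "ParseAlert", "time": "2024-03-01T11:30:00+00:00"},
    {"tenant": "globex", "user": "carol", "action": "delete", "type": "playbook",
     "name": "Malware - Contain", "time": "2024-03-02T08:00:00+00:00"},
    {"tenant": "globex", "user": "carol", "action": "login", "type": "session",
     "name": "", "time": "2024-03-02T08:01:00+00:00"},
]

# Only deletions and modifications of content are reported; creations and
# logins are ignored, matching the scope of the audit report described above.
TRACKED = {"delete": "deleted", "update": "modified"}


def select_changes(entries, since_iso=None):
    """Return entries that delete or modify content, optionally only at/after since_iso."""
    since = datetime.fromisoformat(since_iso) if since_iso else None
    changes = []
    for e in entries:
        label = TRACKED.get(e.get("action"))
        if label is None:
            continue
        if since is not None and datetime.fromisoformat(e["time"]) < since:
            continue
        changes.append({**e, "change": label})
    return changes


def build_report(entries, since_iso=None):
    """Render a plain-text report grouped by tenant: a summary line, then one line per change."""
    by_tenant = defaultdict(list)
    for e in select_changes(entries, since_iso):
        by_tenant[e["tenant"]].append(e)
    lines = []
    for tenant in sorted(by_tenant):
        rows = sorted(by_tenant[tenant], key=lambda r: r["time"])
        deleted = sum(r["change"] == "deleted" for r in rows)
        lines.append(f"Tenant {tenant}: {len(rows)} change(s), {deleted} deleted")
        for r in rows:
            lines.append(f"  {r['time']}  {r['user']:<8} {r['change']:<9} {r['type']}: {r['name']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_report(SAMPLE_AUDIT))
```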

Challenges we ran into

  1. Ingesting and parsing XSOAR Audit logs in SIEM.
  2. Generating Audit reports via Playbook.

Accomplishments that we are proud of

We resolved the clients' challenges and enabled them to meet their compliance requirements.

What we learned

We explored various XSOAR API use cases and learned how to use DT in our playbook-related tasks.

What's next for XSOAR Inspector

We will include it in our tenant creation checklist so that our clients and XSOAR tenant owners can track content-level changes.
