Integrating the Respond Analyst with ServiceNow Security Operations, an XDR Engine

Integrating the Respond Analyst with ServiceNow Security Operations, an XDR Engine


Automation is changing into increasingly more prevalent and wanted by Safety Operations Facilities (SOC).  That is pushed by the growing cybersecurity abilities hole, intensified by the quantity of safety information and alerts that require evaluation.  To handle this, SOC groups are taking a look at instruments such Safety Orchestration Automation and Remediation (SOAR) techniques.

Nevertheless, in our interactions with clients, we’re discovering quite a lot of frustration for organizations which have rolled out SOARs.  A lot of this frustration comes from the lack of the SOAR to digest the quantity of information and alerts which might be generated from varied sensors within the atmosphere.  To not point out the correlation and decision-making that should occur to search out malicious conduct.  When this happens, organizations miss out on the automation advantages, notably for incident remediation, that SOAR was meant to deal with within the first place.

Exacerbating this frustration is the sheer period of time, effort and price it takes to write down playbooks for automated incident remediation.  Moreover, playbooks should be maintained over time to maintain up with the newest Ways, Methods and Procedures (TTP) which might be consistently altering.  Nevertheless, if the SOAR isn’t discovering the incidents or can not monitor the information at scale (as is important), these playbooks that automate remediation are of little worth.

As we introduced final fall, the Reply Analyst integrates with ServiceNow Safety Operations.  This integration permits Reply to take the heavy lifting of front-end alert monitoring, triage and scoping off of ServiceNow.  As soon as incidents are recognized and false positives are discarded, the Reply Analyst forwards solely the malicious incidents that require remediation.  From there, ServiceNow Safety Operations will automate remediation actions to shut the incident.

Unlocking SOAR with eXtended Detection and Response (XDR)

The Reply Analyst, an XDR Engine from Reply Software program, allows organizations to unlock the true automation capabilities of their SOAR deployments by managing the up-front evaluation and triage of occasions earlier than they’re handed to the SOAR system. The Reply Analyst is scalable to deal with tens of millions of occasions, escalating actionable and malicious incidents into SOAR for remediation and filtering out false positives. Nevertheless, in contrast to SOAR, the Reply Analyst doesn’t require coding, customization or upkeep over time, due to this fact, time to worth could be acknowledged in hours. Leveraging the Reply Analyst with SOAR reduces assault dwell time, remediates safety points sooner by means of further automation, and elevates analyst collaboration.

The Reply Analyst and ServiceNow Integration
As new incidents are created within the Reply Analyst, it can make API calls to ServiceNow utilizing the Account specified within the integration’s configuration settings, pushing all of the fields mapped within the Import Set Internet Service. The safety analyst doesn’t must manually open a case in ServiceNow and populate it with related data. The Reply Analyst does this routinely when an incident is detected and continues to replace the case in ServiceNow if and when new occasions are scoped into that incident.

When a Reply Incident is up to date with new data, the Reply Analyst will replace the incident in ServiceNow.

Integrating the Respond Analyst with ServiceNow Security Operations, an XDR Engine

The Reply Analyst contains the ServiceNow case quantity and hyperlinks again to the incident within the ServiceNow Safety Operations console.

Integrating the Respond Analyst with ServiceNow Security Operations, an XDR Engine

Hyperlinks again to the Reply incident are included within the information pushed to the ServiceNow incident. These can be utilized to entry incident particulars and shut the incident proactively within the Reply Analyst if desired.

On an on-going foundation, the Reply Analyst will request the standing of incidents in ServiceNow, and if an incident in ServiceNow is closed, the Reply Analyst will shut its corresponding Incident. If the consumer has outlined the elective settings to return the *FEEDBACK* values, these might be used to shut the incident. If these will not be set, the incident might be closed with a decision of “Inconclusive” within the Reply Analyst.

If a consumer closes an incident within the Reply Analyst UI, Reply won’t shut the incident in ServiceNow and can cease requesting the standing of that incident in ServiceNow.


The Reply Analyst investigates, scopes, triages and correlates occasions, growing the incident remediation capabilities of ServiceNow Safety Operations. The Reply Analyst allows safety analysts to cease taking a look at consoles all day and begin investigating incidents, an improved use of their time. The mixture of the Reply Analyst and ServiceNow Safety Operations will end in diminished assault dwell time for patrons which have or are contemplating the utilization of each options.

For extra data on the Reply Analyst and SOAR:

The Reply Analyst, an XDR Engine | ServiceNow Safety Operations Integration

Is the Reply Analyst a SOAR Device?

Placing the Automation into SOAR

The submit Integrating the Reply Analyst, an XDR Engine with ServiceNow Safety Operations appeared first on Reply Software program.

*** It is a Safety Bloggers Community syndicated weblog from Weblog – Reply Software program authored by Mike Reynolds. Learn the unique submit at:

snow vulnerability management,vulnerability response,servicenow threat intelligence,secops servicenow docs,service now madrid documentation,service now docs madrid,demisto documentation,demisto integrations,demisto vs phantom,demisto tutorial,demisto use cases,install demisto server,incident response tools github,incident response tools list,threat response software,top 10 incident management tools,demisto alternatives,cyber attack lifecycle mitre,what is opsec in checkpoint,check point partner login,checkpoint partner levels,checkpoint customers,palo alto partner locator,check point software technologies ltd ceo

More Stories
OSINT Gathering Key to Keeping Up With Financial Crime