Execute actions across your entire infrastructure. Automate using visually-designed playbooks for use cases like event triage and remediation workflows.
Execute actions within seconds. Choose the right response with more than 1,000+ APIs and 200+ apps supported in the SOAR Platform
A large and active user community offers the opportunity to share playbooks, apps or brainstorm ideas for new automation use cases.
Critical to understand the quantitative performance gain and resource savings that automation provides and to have this information readily available via a dashboard.
A visual automation editor allows all security experts, who may not be an expert at writing playbooks at the source code level, to construct sophisticated playbooks.
Develop integrations to extend the functionality of the automation platform. Utilizes an open framework that follows a common standard and programming model.
At Positka, we provide flexible solutions for your automation journey with the SOAR tools. Our services include assisting you in getting fluent with the software while providing guidance for playbook maintenance and end-to-end installation. Our SME discusses and helps your team with the entire process of integration
The assessment helps to jumpstart the decision making and initiation of the automation initiative. Positka delivers an executive ready report customized to your requirements.
Flex IQ playbook Development and Maintenance lets you purchase implementation of a single at a fixed unit price and provides the service to maintain your playbook.
Positka’s experienced consultants with you on a phased approach to help with your automation. This delivers early wins to gain payback and fund the subsequent phases of automation.
Speak to the Domain Subject Matter Expert on Security Operations, IT Operations and more to discuss other playbooks that would be relevant to your requirements.
Positka provides customized training for your team to be fluent with SOAR playbooks and apps. Learn to design playbook and master the tools of automation.
Automation apps add a lot of sophistication to your environment. Positka’s app development SMEs help design and develop the apps customized to your specific requirements.
Background:
As one of the world’s leading investment firms with more than 21 offices spanning the globe, it’s not uncommon for the security team at Blackstone to see as many as 30 to 40 malware alerts in a single day. Blackstone’s Incident Response team investigates each malware alert as if a compromise has already occurred, a process that requires 30 to 45 minutes to address each alert fully if done manually.
Challenges:
Benefits:
Business Impact:
Splunk Product:
Splunk SOAR (Previously Splunk Phantom) Enterprise Edition
[image] => posts/March2023/oBgfBlISB9TaOPeFF9CX.png [slug] => automating-malware-investigation-for-one-of-the-top-investment-firms [meta_description] => Leading investment firms security team deals with 30-40 malware alerts daily, considering automation to speed up investigation process. [meta_keywords] => [status] => PUBLISHED [featured] => 0 [created_at] => 2023-03-06 10:47:02 [updated_at] => 2023-03-15 11:25:56 [tags] => Splunk-SOAR, Use-case [youtube_video] => [speaker_1_name] => [speaker_1_photo] => [speaker_1_designation] => [speaker_2_name] => [speaker_2_photo] => [speaker_2_designation] => [speaker_3_name] => [speaker_3_photo] => [speaker_3_designation] => [summary_data] => ) [original:protected] => Array ( [id] => 29 [author_id] => 1 [category_id] => 2 [title] => Automating malware investigation for one of the top investment firms [seo_title] => Automating malware investigation for one of the top investment firms [excerpt] => Leading investment firms security team deals with 30-40 malware alerts daily, considering automation to speed up investigation process. [body] =>Background:
As one of the world’s leading investment firms with more than 21 offices spanning the globe, it’s not uncommon for the security team at Blackstone to see as many as 30 to 40 malware alerts in a single day. Blackstone’s Incident Response team investigates each malware alert as if a compromise has already occurred, a process that requires 30 to 45 minutes to address each alert fully if done manually.
Challenges:
Benefits:
Business Impact:
Splunk Product:
Splunk SOAR (Previously Splunk Phantom) Enterprise Edition
[image] => posts/March2023/oBgfBlISB9TaOPeFF9CX.png [slug] => automating-malware-investigation-for-one-of-the-top-investment-firms [meta_description] => Leading investment firms security team deals with 30-40 malware alerts daily, considering automation to speed up investigation process. [meta_keywords] => [status] => PUBLISHED [featured] => 0 [created_at] => 2023-03-06 10:47:02 [updated_at] => 2023-03-15 11:25:56 [tags] => Splunk-SOAR, Use-case [youtube_video] => [speaker_1_name] => [speaker_1_photo] => [speaker_1_designation] => [speaker_2_name] => [speaker_2_photo] => [speaker_2_designation] => [speaker_3_name] => [speaker_3_photo] => [speaker_3_designation] => [summary_data] => ) [changes:protected] => Array ( ) [casts:protected] => Array ( ) [classCastCache:protected] => Array ( ) [attributeCastCache:protected] => Array ( ) [dates:protected] => Array ( ) [dateFormat:protected] => [appends:protected] => Array ( ) [dispatchesEvents:protected] => Array ( ) [observables:protected] => Array ( ) [relations:protected] => Array ( ) [touches:protected] => Array ( ) [timestamps] => 1 [hidden:protected] => Array ( ) [visible:protected] => Array ( ) [fillable:protected] => Array ( ) [guarded:protected] => Array ( [0] => * ) ) ) [escapeWhenCastingToString:protected] => ) 1
