Organizational optimization is an important part of any business. Without it, things can fly under the radar - whether it be monetarily, in productivity, or otherwise. It’s the reason why automation is such a hot topic, and why just about every business sees the benefit in automating basic processes. With automation being our primary focusing, we’ve come up with a lot of ways to reduce unnecessary processes, not least among them unnecessary human interaction through the command line.

Automated Commands allow the flow of a case to turn from a complex maze of time-consuming lookups into a lightning fast, human readable presentation of all information relevant to the case.

What are Automated Commands?
Automated Commands are all the same commands in your toolset, but without the business of manually applying them. Cases will automatically have a desired command or string of commands applied to them when created or called upon. These commands can vary from simple case reassignment to a long chain of lookups, case status changes, automatic triage, automated data aggregation, and more.

One massive advantage to the automation of commands is in the time saved through doing so. Not only does the lack of command input mean saved time during case investigation, but the aggregation of information in a single comment visible to the investigator, for example, offers a hands-off investigation with a quick resolution. In the case that an analyst is not needed for a specific situation, a case resolution could conceivably be completely automated.

How Do Automated Commands Improve Security?
As with all automation, automated commands can allow for quicker case triage and increased precision. More tasks can be performed at once, like lookups for IP reputation or file scans. In this sense, more security checks can be performed faster, opening the way for analysts to finish the job or for the lower priority cases to be moved out of the way.

Beyond speed improvements, the application of multiple commands at once can mean an improvement in accuracy. Fewer cases of human error may be seen with information merged onto a single page - with less information for a human operator to manage, it’s less likely that mistakes will be seen.

Of course, automated commands can also be used to directly improve security through automated whitelisting or blacklisting depending on the environment.

Where Can I Use Automated Commands?
While automated commands are a broad concept, there are some key situations in which they have been previously tested:

  • Salesforce/Google Workspace (formerly G Suite)/Other Third Party Triage - Using an integration for almost any service, logins or activity performed by users in these services can be effectively triaged with little to no interaction from a human.
  • Fast IP Lookups - Through sites like AbuseIPDB or Cisco’s Talos IP Lookup, IP addresses can quickly be searched and their details gathered into a reputation score. This action can allow for quick reference of an IP’s reputation from multiple sources.
  • Quick Case Assignment - Through either triage or through set case status, a case can be quickly assigned to a user or its status may be changed.

Though this is a small sampling, it shows how many effective situations automated commands have been tested in.

Blog

Related Posts

May 20, 2022 Willy Leichter

Automating Threat Detection: Three Case Studies

Demystifying the technology with case studies of AI security in action Many automation tools, such...

Learn More

May 17, 2022 Willy Leichter

It's Time to Put AI to Work in Security

While we’ve been talking about and imagining artificial intelligence for years, it only has...

Learn More

May 15, 2022 Tessa Mishoe

LogicHub Security RoundUp: May 2022

Hello, and welcome to the latest edition of the LogicHub Monthly Update! Each month we’ll be...

Learn More

May 9, 2022 Tessa Mishoe

Bad Luck: BlackCat Ransomware Bulletin

Blackcat Ransomware On April 19th of 2022, the FBI Cyber Division released a flash bulletin...

Learn More

May 6, 2022 Kumar Saurabh

Let Humans Be Humans and AI Be AI

LogicHub’s unique decision automation technology can build clients the ultimate security playbook...

Learn More

May 3, 2022 Kumar Saurabh

How to Build a Threat Detection Playbook In 15 Minutes or Less

Automating a threat-hunting playbook with the help of AI Many threat-hunting playbooks we build for...

Learn More

April 29, 2022 Tessa Mishoe

Integrating Better: What Can Integrations Do For Me?

Introduction Within the realm of security, there are many different toolsets and opinions on what...

Learn More

April 27, 2022 Willy Leichter

Beyond No-Code: Using AI for Guided Security Automation

SOAR Playbooks Outside of football, the term “playbook” is well understood by a relatively small...

Learn More

April 21, 2022 Willy Leichter

Goodbye Lonely SIEM, Hello MDR

When updating your systems from a pure Security Information Event Management (SIEM), choosing the...

Learn More

April 15, 2022 Tessa Mishoe

LogicHub Security Roundup: April 2022

Hello, and welcome to the latest edition of the LogicHub Monthly Update! Each month we’ll be...

Learn More