Incident Response Ticket Automation
The LogicHub platform includes a built-in case management solution for incident tracking and triage, with a new ability to configure case types with automatic response commands (each with configurable trigger and approval criteria).
Prefer your existing case management solution? LogicHub includes integrations for a number of popular incident management solutions already, such as ServiceNow and Jira. Leverage the tribal knowledge of your SOC analysts to include steps to create, search, update, and even close cases automatically within your automation playbooks.
Automated SMS User Interaction
There are many ways to try to detect unusual user behavior, but unusual does not always mean bad. It can be very difficult (perhaps sometimes impossible) to tell the difference between a behavior change by the actual user and that of a compromised account, so what if you could simply ask the user?
Using an integration with a third-party SMS service (Twilio), LogicHub can notify a user of suspicious activity via SMS and ask whether they performed the action in question. Based on the user’s response (or lack thereof), a variety of actions can be taken, such as escalating to the user’s manager, generating an incident with the SOC or fraud team, or even disabling the account until the user is reached or an investigation is concluded.
Sometimes there’s no way around the need for human analysis, but that does not mean you cannot lend your analysts a hand. Save them time and speed up alert triage and incident response by collecting data from other internal tools, gathering threat intelligence around an indicator in question (such as an IP address, URL, or file hash), and automating other mundane tasks that take up your analysts’ precious time.