Challenge

A SOAR platform is built to run on the strength of its integrations with third-party security tools and its ability to verify and respond to the alerts those tools generate. Not every potential threat or security event is first identified by a security tool, though. Many are first noticed by individual users, who either report them directly to the security operations team through channels such as email or Slack, or raise them with IT operations, where they are recorded in a trouble-ticketing system such as ServiceNow. These reports are not always immediately critical, but they often need quick intervention from the security team to prevent disruption of normal operations. Yet many organizations are held back by the slow, manual processes they rely on for handling user-reported threats.

Solution

LogicHub playbooks can be set up to investigate and respond to user-reported incidents arriving in many different formats. One playbook can automatically retrieve user-reported phishing attempts from a SOC inbox, extract the relevant details from each email, run a rapid investigation, and execute the appropriate incident response steps. Another might watch for security-related requests entered into a trouble-ticketing system, such as a password reset request. That playbook can extract the user's details from the ticket, look for indicators of compromise such as unusual authentication or other activity by that user, confirm with the user, over a channel other than the one the request came through, that the request is legitimate, and based on the results either notify the user by text that the password has been reset or notify the right team that the account appears to be compromised.
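To make the password-reset flow above concrete, here is an added example of the decision logic such a playbook runs, written as a stand-alone Python script. It is illustrative code, not LogicHub's playbook or any product API. The ticket fields, the authentication log schema, the thresholds and the records themselves are constructed for the example; the out-of-band user confirmation is passed in as a boolean where a real playbook would prompt the user over Slack or SMS.

```python
from datetime import datetime, timedelta

# Constructed ServiceNow-style tickets (hypothetical field names, not a real export).
TICKET = {"number": "INC0010042", "short_description": "Password reset request",
          "caller_id": "jdoe", "opened_at": "2024-03-04T09:12:00"}
TICKET_CLEAN = {"number": "INC0010043", "short_description": "Password reset request",
                "caller_id": "asmith", "opened_at": "2024-03-04T09:30:00"}

# Constructed authentication log (hypothetical schema). jdoe shows a failure burst from a
# new country followed by a success; asmith shows only routine logins.
AUTH_EVENTS = [
    {"user": "jdoe", "ts": "2024-02-10T08:30:00", "result": "success", "src_ip": "203.0.113.10", "country": "US", "device": "laptop-jdoe"},
    {"user": "jdoe", "ts": "2024-03-01T08:41:00", "result": "success", "src_ip": "203.0.113.10", "country": "US", "device": "laptop-jdoe"},
    {"user": "jdoe", "ts": "2024-03-03T17:55:00", "result": "success", "src_ip": "203.0.113.12", "country": "US", "device": "laptop-jdoe"},
    {"user": "jdoe", "ts": "2024-03-04T02:14:00", "result": "failure", "src_ip": "198.51.100.7", "country": "BR", "device": "unknown"},
    {"user": "jdoe", "ts": "2024-03-04T02:14:20", "result": "failure", "src_ip": "198.51.100.7", "country": "BR", "device": "unknown"},
    {"user": "jdoe", "ts": "2024-03-04T02:14:41", "result": "failure", "src_ip": "198.51.100.7", "country": "BR", "device": "unknown"},
    {"user": "jdoe", "ts": "2024-03-04T02:15:03", "result": "failure", "src_ip": "198.51.100.7", "country": "BR", "device": "unknown"},
    {"user": "jdoe", "ts": "2024-03-04T02:15:30", "result": "success", "src_ip": "198.51.100.7", "country": "BR", "device": "unknown"},
    {"user": "asmith", "ts": "2024-02-15T08:05:00", "result": "success", "src_ip": "203.0.113.40", "country": "US", "device": "laptop-asmith"},
    {"user": "asmith", "ts": "2024-03-04T08:50:00", "result": "success", "src_ip": "203.0.113.40", "country": "US", "device": "laptop-asmith"},
]

FAILURE_THRESHOLD = 3            # failures inside FAILURE_WINDOW that count as a burst (assumed)
FAILURE_WINDOW = timedelta(minutes=10)
BASELINE_DAYS = 30               # history used to learn the user's usual countries and devices
LOOKBACK = timedelta(hours=24)   # how far before the ticket we inspect for IOCs


def _ts(s):
    return datetime.fromisoformat(s)


def extract_user(ticket):
    """Pull the account the ticket concerns; refuse tickets with no caller to investigate."""
    user = ticket.get("caller_id")
    if not user:
        raise ValueError(f"{ticket.get('number')}: no caller_id to investigate")
    return user


def find_auth_iocs(user, events, opened_at):
    """Return (severity, description) findings for the user's logins before the ticket."""
    opened = _ts(opened_at)
    recent, baseline = [], []
    for e in events:
        if e["user"] != user:
            continue
        t = _ts(e["ts"])
        if opened - LOOKBACK <= t <= opened:
            recent.append(e)
        elif opened - timedelta(days=BASELINE_DAYS) <= t < opened - LOOKBACK and e["result"] == "success":
            baseline.append(e)
    # With no baseline (e.g. a new hire) the country/device checks are skipped rather than
    # flagging everything as new.
    known_countries = {e["country"] for e in baseline}
    known_devices = {e["device"] for e in baseline}
    failures = [e for e in recent if e["result"] == "failure"]
    findings = []
    # Burst of failures: any FAILURE_WINDOW span holding at least FAILURE_THRESHOLD failures.
    for i, f in enumerate(failures):
        window = [g for g in failures[i:] if _ts(g["ts"]) - _ts(f["ts"]) <= FAILURE_WINDOW]
        if len(window) >= FAILURE_THRESHOLD:
            findings.append(("medium", f"{len(window)} failed logins within "
                                       f"{FAILURE_WINDOW.seconds // 60} min from {f['src_ip']}"))
            break
    for e in recent:
        if e["result"] != "success":
            continue
        if known_countries and e["country"] not in known_countries:
            findings.append(("high", f"successful login from new country {e['country']} ({e['src_ip']})"))
        if known_devices and e["device"] not in known_devices:
            findings.append(("medium", f"successful login from unknown device {e['device']!r}"))
        # A success that follows failures from the same source is the classic guessing signature.
        if any(f["src_ip"] == e["src_ip"] and _ts(e["ts"]) > _ts(f["ts"]) for f in failures):
            findings.append(("high", f"login success after failures from same source {e['src_ip']}"))
    return findings


def triage(ticket, events, user_confirmed):
    """Decide the playbook outcome: reset the password, or escalate the account as compromised.

    user_confirmed is the answer from the out-of-band check with the user. An attacker who
    already controls the user's mailbox or phone can answer "yes" too, so a confirmation
    does not cancel high-severity findings; it only clears a request with no IOCs.
    """
    user = extract_user(ticket)
    findings = find_auth_iocs(user, events, ticket["opened_at"])
    high = [d for sev, d in findings if sev == "high"]
    action = "escalate_compromised" if (not user_confirmed or high) else "reset_and_notify_user"
    return {"ticket": ticket["number"], "user": user, "action": action, "findings": findings}


if __name__ == "__main__":
    for t in (TICKET, TICKET_CLEAN):
        r = triage(t, AUTH_EVENTS, user_confirmed=True)
        print(r["ticket"], r["user"], "->", r["action"])
        for sev, d in r["findings"]:
            print(f"  [{sev}] {d}")
```

Run as-is, jdoe's ticket is escalated even though the user confirmed it, because of the new-country login and the success following a burst of failures from the same address; asmith's ticket, with nothing unusual in the lookback window, results in a reset. The thresholds and the 24-hour lookback are arbitrary starting points and should be tuned against the organisation's own authentication data.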

Similar case studies

Automatically Quarantining Infected Hosts
Quarantine infected host automatically or with one-click authorization.
Automating EDR Alert Triage
Automatically analyze, investigate and triage EDR events and alerts at scale.
Automating Phishing Triage
Automatic analysis, detection and triage of potential phishing attempts.
Automating SIEM Alert Triage
Automatically analyze, investigate and triage SIEM events and alerts at scale.
Detecting and Disabling Compromised Credentials
Automatically detect and disable compromised user and admin credentials.
Detecting Exposed AWS Keys
Find and disable AWS keys that have been inadvertently exposed.
Hunting for Insider Threats
Automatically hunt for and detect insider threats.
Malicious PowerShell Commands
Detect malicious use of PowerShell commands.
Managed O365 Detection and Response
Cloud productivity managed detection and response for O365 users.
Threat Hunting in GitHub
Using automated playbooks to deliver continuous threat hunting.
Using TIP to Automatically Triage Network Events
Using threat intelligence platforms to accurately triage network events.
Managed Detection and Response for G-Suite
Cloud productivity managed detection and response for G-Suite users.
MDR After Hours Incident Response
Managed detection and response for after hours threat protection.
Respond to User Reported Incident
Automate incident response to issues reported by users.
Automating Threat Hunting in AWS CloudTrail Logs
LogicHub has developed a playbook to hunt for risks in AWS CloudTrail logs. It runs seven investigations in parallel to identify risks within the CloudTrail logs.
Automating Threat Hunting in Web Proxy Logs
By running the LogicHub Playbook for Web Proxy Threat Hunting, Security Operations Centers (SOCs) can discover surreptitious communications with remote Command and Control (C2) applications that play an integral part in security attacks.
Automating Threat Intelligence Searches
One of the many use cases LogicHub customers have implemented and benefited from is automating the search of their environment for Indicators of Compromise (IOCs) distributed by various third-party sources.
Monitoring Files Written to USB
LogicHub customers have implemented and benefited from automating the monitoring of users writing files to external USB drives.