Siemplify users can use the Siemplify ThreatFuse integration in the form of ready-to-use solutions: Use Case Packages.
Siemplify ThreatFuse Use Cases:
Enrichment and Triage
Aggregated threat intelligence supports event triage and decision making by determining whether an indicator is suspicious and at what severity level. When a malicious threat is discovered, deep intelligence context is added to events, such as detailed information about associated threat actors and any association with known campaigns.
ThreatFuse contextual intelligence drives intelligence-based investigations that use associated indicators from an enriched entity to find other relevant indicators of attack in your organization.
Newly discovered indicators can be used to trigger playbooks that defend your environment through automatic detection and response. Filters and thresholds can be applied to limit the types of threats or entities that trigger automated response.
Share false positives in your environment to make sure the data is not used in the future, or use Trusted Circles to give back to the threat community when you discover new indicators.
Siemplify users can download Use Case packages from the Siemplify Marketplace and start using them with minimal configuration.
Each use case package contains the following:
- Real case study
- Integrations package
- Full working playbook and blocks
- Test case
- Video guide
- Configuration guide
- Simulation data (for Playbook Simulator)
After deploying the Use Case, all playbooks are installed and available by default in Simulation Mode, which allows you to see playbooks in action before configuring integrations.
Learn more about the ThreatFuse Integration and Use Case here.