About The Integration
The Intezer connector for XSOAR provides security teams with the capability to automate the analysis, detection, and response of threats by incorporating Intezer's advanced technology into their XSOAR workflows.
Utilizing Intezer Automated Triage in XSOAR Workflows
By integrating Intezer's detailed investigation data, you can enhance your workflows in several ways:
- Enrichment: Intezer's insights offer a wealth of information that can be used to augment your existing tickets or cases, providing a deeper understanding and context to the investigation and response process.
- Resolving False Positives: With Intezer's precise assessment, you can automatically address or de-prioritize tickets identified as false positives. This reduces the number of irrelevant alerts, allowing your team to concentrate on genuine threats.
- Escalation of Urgent Incidents: If an incident is deemed of high urgency by Intezer (for instance, ransomware or potential targeted attacks), you can initiate immediate notifications to ensure rapid team alerting. Non-escalated alerts can be reviewed at regular intervals.
- Remediation: Utilize Intezer's suggested remediation steps, such as blocking IOCs or resetting user credentials.
For a deeper understanding, please refer to the "Leveraging Intezer's Smart Decision Making in Your SOAR" article.
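The four outcomes above (enrich, close as false positive, escalate urgent incidents, hand IOCs to remediation) are the routing decisions an XSOAR automation makes after one of the analysis commands returns. The following is an added example of that decision logic, not code from the Intezer integration or its documentation: the result field names (verdict, sub_verdict, family_name, family_type, iocs, analysis_url), the intezer-analyze-by-hash argument name file_hash, and the sample results are assumptions constructed for illustration and must be mapped onto the context your installed integration actually returns. The command runner is injected so the logic can be exercised outside XSOAR; in a real script it would wrap demisto.executeCommand.

```python
"""Decision logic for routing an Intezer analysis result inside an XSOAR automation.

Added example; not code from the Intezer integration or its documentation.
The result field names (verdict, sub_verdict, family_name, family_type, iocs,
analysis_url) and the command argument name (file_hash) are ASSUMPTIONS made for
illustration: map them onto the context paths your installed integration returns.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Assumed family classifications that justify immediate notification instead of
# the regular review cycle (the page names ransomware and targeted attacks).
URGENT_FAMILY_TYPES = {"ransomware", "targeted_attack"}

# XSOAR incident severities: 0 unknown, 1 low, 2 medium, 3 high, 4 critical.
SEVERITY = {"close": 0, "enrich": 2, "escalate": 3, "urgent": 4}


@dataclass
class TriageDecision:
    action: str                       # "close_false_positive" | "enrich" | "escalate"
    severity: int
    notify: bool = False              # page the team now vs. wait for regular review
    enrichment: Dict[str, str] = field(default_factory=dict)
    iocs_to_block: List[str] = field(default_factory=list)


def triage(analysis: dict) -> TriageDecision:
    """Map one Intezer result to the enrich / false-positive / escalate / remediate outcomes."""
    verdict = str(analysis.get("verdict") or "").lower()
    family_type = str(analysis.get("family_type") or "").lower()
    # Enrichment is attached in every branch so the ticket keeps the evidence for audit.
    enrichment = {
        "intezer_verdict": verdict or "unknown",
        "intezer_sub_verdict": str(analysis.get("sub_verdict") or ""),
        "intezer_family": str(analysis.get("family_name") or ""),
        "intezer_analysis_url": str(analysis.get("analysis_url") or ""),
    }
    if verdict == "trusted":
        # A "trusted" assessment: close as a false positive, nobody needs paging.
        return TriageDecision("close_false_positive", SEVERITY["close"], enrichment=enrichment)
    if verdict == "malicious":
        # Remediation input: collect network IOCs to feed a block-list step.
        network_iocs = [
            ioc["value"] for ioc in (analysis.get("iocs") or {}).get("network", [])
            if isinstance(ioc, dict) and ioc.get("value")
        ]
        urgent = family_type in URGENT_FAMILY_TYPES
        return TriageDecision(
            "escalate",
            SEVERITY["urgent"] if urgent else SEVERITY["escalate"],
            notify=urgent,
            enrichment=enrichment,
            iocs_to_block=network_iocs,
        )
    # suspicious, unknown, or an empty/unsupported result: never auto-close; leave it
    # for an analyst with the Intezer context attached.
    return TriageDecision("enrich", SEVERITY["enrich"], enrichment=enrichment)


def analyze_hash_and_triage(file_hash: str,
                            execute_command: Callable[[str, dict], dict]) -> TriageDecision:
    """Run intezer-analyze-by-hash through an injected command runner and triage the result.

    In a real XSOAR script execute_command would wrap demisto.executeCommand and unwrap
    the returned entries; injecting it keeps this function testable outside XSOAR.
    """
    result = execute_command("intezer-analyze-by-hash", {"file_hash": file_hash})
    return triage(result)


# Constructed sample results (not real Intezer output) keyed by a made-up hash.
SAMPLE_RESULTS = {
    "aaaa" * 16: {"verdict": "trusted", "sub_verdict": "known_library", "family_name": "",
                  "analysis_url": "https://analyze.intezer.com/analyses/example-1"},
    "bbbb" * 16: {"verdict": "malicious", "sub_verdict": "known_malicious",
                  "family_name": "ExampleRansom", "family_type": "ransomware",
                  "iocs": {"network": [{"type": "domain", "value": "c2.example.invalid"},
                                       {"type": "ip", "value": "192.0.2.10"}],
                           "files": []}},
    "cccc" * 16: {"verdict": "suspicious", "sub_verdict": "generic", "family_name": ""},
}


def fake_execute_command(name: str, args: dict) -> dict:
    """Stand-in for demisto.executeCommand that serves the constructed samples."""
    if name != "intezer-analyze-by-hash":
        raise ValueError(f"unexpected command {name}")
    return SAMPLE_RESULTS.get(args["file_hash"], {})  # unknown hash -> empty result


if __name__ == "__main__":
    for h in list(SAMPLE_RESULTS) + ["dddd" * 16]:
        print(h[:8], analyze_hash_and_triage(h, fake_execute_command))
```

The unknown-hash case deliberately falls through to "enrich" rather than closing the ticket: an empty or unsupported result is not evidence of a false positive, so it stays in the analyst queue with the verdict recorded as unknown.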
Supported Commands
- intezer-analyze-by-file: Upload and scan a file.
- intezer-analyze-by-hash: Scan a file by hash (SHA1, SHA256, or MD5) with Intezer.
- intezer-analyze-url: Scan a URL.
- intezer-get-alert-result: Get the triage and response information for an ingested alert, by alert ID.
- intezer-get-analysis-code-reuse: Get a code reuse report for file analysis.
- intezer-get-analysis-iocs: Get the list of network and file IOCs for a specific analysis ID.
- intezer-get-analysis-metadata: Get file metadata.
- intezer-get-endpoint-analysis-result: Get an endpoint analysis result.
- intezer-get-family-info: Get family information from Intezer.
- intezer-get-file-analysis-result: Get file analysis result.
- intezer-get-latest-report: Get the latest Intezer scan for a given file hash (SHA1, SHA256, or MD5).
- intezer-get-sub-analyses: Get the list of sub-analyses of an analysis.
- intezer-get-url-analysis-result: Get URL analysis result.
- intezer-submit-alert: Submit a new alert to Intezer for processing.
- intezer-submit-suspected-phishing-email: Submit a suspicious phishing email to Intezer for processing.
Installing Intezer XSOAR Integration
Early Access Version
- Reach out to support@intezer.com to obtain the integration package.
- Import the integration into XSOAR.
Generally Available Version
- Navigate to the XSOAR marketplace.
- Search and install the "Intezer" integration.