Note: Please test this properly before implementing in a production environment. This is a sample workflow!
Note: Please review the subdirectories of this repository for the modules.
Note: The workflow can be integrated with Webex Teams. To do so, enter an API access token and a Room ID in the config.json file. Retrieve your token from: https://developer.webex.com/docs/api/getting-started. Then create a dedicated Webex Teams space for these notifications and retrieve the Room ID from: https://developer.webex.com/docs/api/v1/rooms/list-rooms. Be aware that the personal token from the getting started page is only valid for 12 hours. To request a token per request, follow these steps: https://developer.webex.com/docs/integrations.
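A pre-flight check for the Webex settings described above, as an added example that is not part of this repository's code. The key names `webex_access_token` and `webex_room_id` are hypothetical, since the layout of config.json is not shown here; the request targets the Webex messages endpoint and is only sent if you call `send()`.

```python
import json
import os
import stat
import urllib.error
import urllib.request

WEBEX_MESSAGES_URL = "https://webexapis.com/v1/messages"
# Hypothetical key names: adjust to the actual layout of config.json.
TOKEN_KEY = "webex_access_token"
ROOM_KEY = "webex_room_id"


def check_config(path):
    """Load config.json and return (config, problems); never echoes the token."""
    with open(path) as fh:
        cfg = json.load(fh)
    problems = [
        f"{key} is missing or empty"
        for key in (TOKEN_KEY, ROOM_KEY)
        if not isinstance(cfg.get(key), str) or not cfg[key].strip()
    ]
    # The file stores a bearer token in clear text: flag group/other access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{path} is accessible to group/other (mode {mode:o})")
    return cfg, problems


def build_notification(cfg, text):
    """Build (without sending) the POST that creates a message in the space."""
    body = json.dumps({"roomId": cfg[ROOM_KEY], "markdown": text}).encode()
    headers = {
        "Authorization": f"Bearer {cfg[TOKEN_KEY]}",
        "Content-Type": "application/json",
    }
    return urllib.request.Request(
        WEBEX_MESSAGES_URL, data=body, headers=headers, method="POST"
    )


def send(req):
    """Send the request and return the HTTP status code.

    A 401 typically means the token is invalid or expired, which is what
    happens to the 12-hour personal token once its lifetime is over.
    """
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
```

Run `check_config("config.json")` before enabling the integration and resolve every reported problem; restricting the file to its owner (`chmod 600`) clears the permission finding.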
You will be prompted for some credentials and targets. Follow the instructions until there are no more orange errors in the workflow and you can click VALIDATE in the top right of the workflow edit pane.
Feel free to add more response actions, based on the number of sightings per incident:
This set of workflows lets you automate part of the threat hunting process and correlate multiple events into a single incident.
Please continue your reading in this SecureX white paper.
There is currently no DevNet sandbox; however, you can find all the options to try this out in these SecureX orchestration learning labs!
Please check out related solutions on DevNet Ecosystem Exchange.