CDC Integrations
16 Apr 2023

| Integration Name | Description |
|---|---|
| Abuse Email via Azure Logic Apps | Reads email information from Azure Logic Apps and creates alerts in the CDC. |
| AbuseIPDB | Provides enrichments for specific IP addresses. |
| AutoFocus | Provides the ability to query the threat intelligence data in Palo Alto Networks’ repository of high-fidelity threat intelligence cloud, using the AutoFocus REST API. |
| Azure Active Directory | Provides enrichments for specific users, members, devices, and domains via REST API. |
| Azure Key Vaults | Enables securely storing and tightly controlling access to passwords. This integration exists to meet the requirement of one of the packs to store passwords in Azure Key Vault. |
| Azure Log Analytics | Provides the extraction of logs from Azure Log Analytics as observables. |
| Azure Resource | Created to support CDC users by providing enrichment consisting of resource details and tags, enabling CDC users to make informed decisions regarding incident response. |
| CrowdStrike Falcon | Provides enrichment consisting of host, user, hash, IP, and vulnerability details. |
| CVE | Uses custom adaptive cards to display large amounts of CVE data in a meaningful, intuitive GUI, making complex enriched data about individual CVE IDs supplied by users easy to understand. |
| Cybereason | Provides enrichment consisting of the details of specific domains, machines, processes, etc. connected to Cybereason. |
| Firewall Black List | Supports creating, updating, and maintaining the External Dynamic List (EDL). |
| Firewall Excessive Hit | Created to support CDC users by automating the playbook used by the CyberProof Monitoring/SOC teams to address connection attempts made from various IP addresses. |
| IBM Resilient | Supports CDC users by automating incident creation, update, and closure, adding attachments to incidents, and creating tasks under incidents on the IBM SOAR platform. |
| IntSights | Supports CDC users by providing the extraction of threat logs as alerts and additional information on observables. |
| IntSights TIP | Provides IP-, URL-, domain-, and hash-based enrichments consisting of IOCs and other threat indicator information. |
| IPAM | Integration with OpenWISP IPAM supports CDC users by providing enrichments for internal IPs via REST API. |
| LogRhythm | Integration with LogRhythm supports CDC users by providing the extraction of logs as observables. |
| Microsoft Azure Sentinel | Provides the extraction of logs from Sentinel as alerts and observables. |
| Microsoft Defender | Provides enrichment consisting of the details of hosts, users, hashes, IPs, and vulnerabilities. |
| PagerDuty | Enables CDC users to create incident tickets on PagerDuty and fetch incident details back from PagerDuty using CLI commands from the CDC. |
| QRadar | Provides the extraction of logs and observables from the QRadar platform. |
| Qualys | Provides vulnerability data for the supplied IP addresses. |
| QualysVM | Supports CDC users by providing vulnerability data for the supplied IP addresses. |
| Query Engine | Runs the query in response to an alert. |
| ServiceNow - IT Service Management | Enables CDC users to create and close incident tickets and update comments on ServiceNow ITSM, directly from the CDC. |
| ServiceNow CMDB | Provides enrichments for internal hosts, enabling CDC users to make informed decisions regarding incident response. |
| Shodan | Supports CDC users by providing enrichments for specific IP addresses, returning all available information about the IP. |
| Splunk | Provides the extraction of logs and observables from the Splunk platform. |
| Telegram | Enables CDC users to provide updates to clients using Telegram’s messaging service. |
| ThreatConnect | Integration of ThreatConnect with the CDC includes the ingestion of ThreatConnect incidents as alerts in the CDC. |
| ThreatConnect TIP | Supports CDC users by providing enrichments consisting of IOCs and other threat intelligence information. |
| URL Scan | Supports CDC users by providing the enrichment of URLs or domains, enabling CDC users to make informed decisions on incident response. |
| VirusTotal | Provides enrichments for IP addresses, URLs, domains, hashes (MD5/SHA/SHA256), and files, to ascertain whether VirusTotal identifies them as malicious. |
| VMWare Carbon Black EDR | Fetches the details of incidents created on the VMware Carbon Black EDR platform, along with their metadata. |
| WildfirePaloAlto | Provides enrichments for file hashes. |
