CDC Integrations
- 16 Apr 2023
| Integration Name | Description |
|---|---|
| Abuse Email via Azure Logic Apps | Reads email information from Azure Logic Apps and creates alerts in the CDC. |
| AbuseIPDB | Provides enrichments for specific IP addresses. |
| AutoFocus | Provides the ability to query the threat intelligence data in Palo Alto Networks’ high-fidelity threat intelligence cloud, using the AutoFocus REST API. |
| Azure Active Directory | Provides enrichments for specific users, members, devices, and domains via REST API. |
| Azure Key Vaults | Enables securely storing and tightly controlling access to passwords. This integration meets the requirement of one of the packs to store its passwords in Azure Key Vault. |
| Azure Log Analytics | Provides the extraction of logs from Azure Log Analytics as observables. |
| Azure Resource | Created to support CDC users by providing enrichment consisting of resource details and tags, enabling CDC users to make informed decisions regarding incident response. |
| CrowdStrike Falcon | Provides enrichment consisting of host, user, hash, IP, and vulnerability details. |
| CVE | Uses custom adaptive cards to display large amounts of CVE data in a meaningful, intuitive GUI, making the complex enriched data about individual user-provided CVE IDs easy to understand. |
| Cybereason | Provides enrichment consisting of the details of specific domains, machines, processes, etc. connected to Cybereason. |
| Firewall Black List | Supports creating, updating, and maintaining the External Dynamic List (EDL). |
| Firewall Excessive Hit | Created to support CDC users by automating the playbook used by the CyberProof Monitoring/SOC teams to address connection attempts made from various IP addresses. |
| IBM Resilient | Supports CDC users by automating incident creation, incident update, incident closure, adding attachments to incidents, and creating tasks under incidents on the IBM SOAR platform. |
| IntSights | Supports CDC users by providing the extraction of threat logs as alerts and additional information on observables. |
| IntSights TIP | Provides IP-, URL-, domain-, and hash-based enrichments, consisting of IOCs and other threat-indicator-related information. |
| IPAM | Integration with OpenWISP IPAM supports CDC users by providing enrichments for internal IPs via REST API. |
| LogRhythm | Integration with LogRhythm is created to support CDC users by providing the extraction of logs as observables. |
| Microsoft Azure Sentinel | Provides the extraction of logs from Sentinel as alerts and observables. |
| Microsoft Defender | Provides enrichment consisting of the details of hosts, users, hashes, IPs, and vulnerabilities. |
| PagerDuty | Enables CDC users to create incident tickets on PagerDuty and fetch incident details back from PagerDuty, using CLI commands from the CDC. |
| QRadar | Provides the extraction of logs and observables from the QRadar platform. |
| Qualys | Provides vulnerability data for the provided IP addresses. |
| QualysVM | Supports CDC users by providing vulnerability data for the provided IP addresses. |
| Query Engine | Runs the query in response to an alert. |
| ServiceNow - IT Service Management | Enables CDC users to create and close incident tickets and update comments on ServiceNow ITSM, directly from the CDC. |
| ServiceNow CMDB | Provides enrichments for internal hosts, enabling CDC users to make informed decisions regarding incident response. |
| Shodan | Supports CDC users by providing enrichments for specific IP addresses, returning all available information about the IP. |
| Splunk | Provides the extraction of logs and observables from the Splunk platform. |
| Telegram | Enables CDC users to provide updates to clients using Telegram’s messaging service. |
| ThreatConnect | Integration of ThreatConnect with the CDC includes the ingestion of ThreatConnect incidents as alerts in the CDC. |
| ThreatConnect TIP | Supports CDC users by providing enrichments consisting of IOCs and other threat-intelligence-related information. |
| URL Scan | Supports CDC users by providing the enrichment of URLs or domains, which enables CDC users to make informed decisions on incident response. |
| VirusTotal | Provides enrichments for IP addresses, URLs, domains, hashes (MD5/SHA/SHA256), and files, to ascertain whether VirusTotal services identify them as malicious. |
| VMware Carbon Black EDR | Fetches the details of incidents created on the VMware Carbon Black EDR platform, along with their metadata. |
| WildfirePaloAlto | Provides enrichments for file hashes. |