Demisto Enterprise integrates with a growing list of dozens of products, including security products as well as collaboration and notification platforms. By integrating with Demisto Enterprise, partners give their products access to the industry’s first Bot-powered security ChatOps platform for automating playbooks and response tasks and for detecting duplicate incidents.
Automate data enrichment and analysis with Demisto’s playbooks and Palo Alto Networks WildFire. In addition, remediate via automation scripts that adjust Palo Alto Networks Panorama™ policy.
Reduce risk and exposure by automating the response to security incidents, using rich endpoint data from Carbon Black and automated playbooks from Demisto.
Automatically check the reputation of files, URLs and IP addresses, query endpoints for rich forensic data, and take action on them via Demisto playbooks or from the investigation war room.
Automatically enrich investigation data with the user risk score and complete session details from Exabeam, and trigger responses from within playbooks, such as adding the user to a watchlist, based on the investigation artifacts.
Search and run queries against a Tanium server from playbooks or via the ChatOps-enabled war room within Demisto Enterprise.
Check the reputation of IP addresses, URLs and files against the VirusTotal database from automated playbooks and the war room.
Send notifications to Slack (direct messages and channels) for new incidents, assigned incidents and assigned tasks from Demisto Enterprise.
Automatically update the IOC blacklist and change firewall policy from Demisto Enterprise based on the incident investigation data.
Collect vulnerability data and initiate incidents upon discovery of major vulnerabilities in sensitive systems.
Automatically analyze malware samples collected from endpoints and other security tools using FireEye.
Use Volatility to analyze memory dumps from infected systems as part of playbook automations or via interactive ChatOps commands.
Send SMS notifications using Twilio for new incidents, assigned incidents and assigned tasks from Demisto Enterprise.
Check the reputation of IP addresses, URLs and files against the IBM X-Force Exchange database from automated playbooks and the war room.
Collect rich forensic data from Mac OS X endpoints using the Demisto Enterprise and OSXCollector integration.
Use SSH and WMI to run actions on compromised endpoints via automated playbooks or from the investigation war room.
Query Active Directory for user and system details using attributes such as email address, username or system name.
Send outgoing emails and consume incoming emails to create incidents. Automatic email triggers can be used to integrate with other ticketing systems or for notifications.
Automatically search mailboxes by sender, subject and other parameters, delete emails, and take other actions via playbooks.
Run custom and pre-defined queries against your Elasticsearch instance to look for IOCs, analyze logs or perform other tasks.
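The reputation checks described for VirusTotal and IBM X-Force Exchange above, and the blacklist update that follows from them, come down to one playbook decision: turn two vendors' scores into a verdict and then into a concrete action. The Python below is an added example written for this page, not Demisto's or either vendor's code. It parses constructed responses shaped like the VirusTotal v2 file/URL report (`positives`, `total`, `response_code`) and the X-Force Exchange IP reputation `score` (1 to 10); the thresholds, the any-source policy and the action names are assumptions chosen for illustration.

```python
"""Hypothetical playbook step: merge reputation verdicts and derive blacklist actions.

Added example for this page; it does not use Demisto's own API and runs offline.
"""
import ipaddress
import json
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample responses (not real lookups). Field names follow the
# VirusTotal v2 report and the X-Force Exchange IP reputation JSON.
VT_RESPONSE = json.dumps({"response_code": 1, "positives": 23, "total": 64})
VT_UNKNOWN = json.dumps({"response_code": 0})          # indicator not in VT dataset
XFORCE_RESPONSE = json.dumps({"ip": "198.51.100.7", "score": 8.1})


@dataclass
class Verdict:
    indicator: str
    kind: str                       # "ip", "url" or "hash"
    malicious: bool
    reasons: List[str] = field(default_factory=list)


def classify_indicator(value: str) -> str:
    """Decide which lookup a playbook should run for this indicator."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if value.startswith(("http://", "https://")):
        return "url"
    hexdigits = set("0123456789abcdefABCDEF")
    if len(value) in (32, 40, 64) and set(value) <= hexdigits:   # MD5 / SHA-1 / SHA-256
        return "hash"
    raise ValueError("unrecognised indicator: %r" % value)


def vt_verdict(raw: str, min_positives: int = 5, min_ratio: float = 0.1) -> Optional[bool]:
    """True/False for a VT report; None when VT has never seen the indicator.

    Both an absolute and a ratio threshold (assumed values) are applied so that
    one or two low-confidence engines out of sixty do not trigger blocking.
    """
    report = json.loads(raw)
    if report.get("response_code") != 1:
        return None
    positives, total = report["positives"], report["total"]
    return positives >= min_positives and positives / total >= min_ratio


def xforce_verdict(raw: str, threshold: float = 7.0) -> bool:
    """X-Force scores run 1 (benign) to 10 (malicious); 7.0 is an assumed cut-off."""
    return json.loads(raw).get("score", 0) >= threshold


def decide(indicator: str, vt_raw: str, xf_raw: Optional[str] = None) -> Verdict:
    """Combine the sources. Policy (assumed): any source calling it malicious wins,
    and an 'unknown' from one source simply leaves the decision to the other."""
    kind = classify_indicator(indicator)
    reasons = []
    vt = vt_verdict(vt_raw)
    if vt is None:
        reasons.append("virustotal:unknown")
    else:
        reasons.append("virustotal:%s" % ("malicious" if vt else "clean"))
    xf = None
    if kind == "ip" and xf_raw is not None:          # X-Force IP reputation applies to IPs only
        xf = xforce_verdict(xf_raw)
        reasons.append("xforce:%s" % ("malicious" if xf else "clean"))
    return Verdict(indicator, kind, bool(vt) or bool(xf), reasons)


def blacklist_actions(verdicts: List[Verdict]) -> List[dict]:
    """Translate malicious verdicts into the blacklist/firewall changes a playbook
    would hand to the enforcement integration (action names are hypothetical)."""
    actions = []
    for v in verdicts:
        if not v.malicious:
            continue
        if v.kind == "ip":
            actions.append({"action": "add_to_ip_blacklist", "value": v.indicator})
        elif v.kind == "url":
            actions.append({"action": "add_to_url_blacklist", "value": v.indicator})
        else:
            actions.append({"action": "ban_hash_on_endpoints", "value": v.indicator})
    return actions


if __name__ == "__main__":
    verdicts = [
        decide("198.51.100.7", VT_UNKNOWN, XFORCE_RESPONSE),
        decide("d41d8cd98f00b204e9800998ecf8427e", VT_RESPONSE),
    ]
    for v in verdicts:
        print(v)
    print(blacklist_actions(verdicts))
```

The unknown-from-VirusTotal case is the one worth keeping in mind: a `response_code` of 0 means "never seen", not "clean", so it must not be allowed to cancel a malicious score from the other source.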