Introducing Demisto Enterprise 2.0
Demisto Enterprise 2.0 is the industry’s first comprehensive incident management platform to offer integrated threat intelligence and security orchestration. The new capabilities enable enterprises to integrate leading threat feeds with Demisto to manage indicators and automate threat hunting operations, saving time and significantly reducing the risk of exposure.
- Comprehensive Incident Management
- Advanced Automation via Playbooks
- Real-time Interactive Investigation and Threat Management
- Enhanced Splunk App and Slack Integration
Bi-directional Integration with products for Information Enrichment and Response Actions
- Dozens of built-in integrations ready to configure with ease
- Bi-directional integrations enable automatic data collection for investigation and response actions
Triage and Respond Rapidly through Automated Playbooks
- Create new incidents automatically, or manually by an end user or the security team
- Assign automated, playbook-based workflows to incidents for immediate and scalable response
- Create new playbooks or edit out-of-the-box ones based on security best practices and compliance regulations
Investigate and Collaborate with Security ChatOps
- Collaborate and take notes in the context of an investigation to expand insights and simplify handoffs
- DBot automatically detects duplicate incidents, based on data in the virtual war room, to reduce redundant work
- Issue data enrichment ChatOps commands and response tasks to DBot from within the virtual war room
- Delegate to and mentor junior analysts via a collaborative chat room
Journaling and Evidentiary Support
- Capture artifacts from integrated security solutions, along with notes and comments, as evidence
- Correlate, link and track evidence to create a complete kill chain for the attack
- Track complete audit trail for journaling and evidentiary support
Report, Assess and Audit via Automated Documentation
- Develop a clear understanding of incident trends and responses to inform business decisions
- Auto-document and generate a report for each incident from the evidence data
- Track completed playbook tasks and the SLA for each incident
But wait, there is more ...
Threat Intel Aggregation
DBot’s intelligent engine connects to threat intelligence sources to fetch the most current threat intelligence for IPs, URLs and files. It aggregates threat feeds from internal and external sources, saving precious analyst time.
Pluggable integration architecture
The pluggable integration architecture enables easy connectivity to security products inside the enterprise, including SIEMs, endpoint tools and firewalls, as well as open source forensics software such as the tools included in the SIFT workstation, and many more.
Intelligent Search and Correlation
DBot’s intelligent engine leverages historical investigation data and smart search to proactively identify related and duplicate incidents and suggests the best next steps to resolve an incident.
Cross-platform dissolvable agent
Using the cross-platform dissolvable agent, DBot can automate security workflows for the variety of playbooks that require endpoint actions or integrations with command-line forensics tools.