Your security data is stored in a SIEM or data lake, but it isn’t converged with other data sources. The outcome is manual data aggregation and analysis by security analysts to make decisions on security incidents. appNovi bridges the gap between SIEMs and SOARs to apply business context for SIEM alert refinement and enrich data for inclusion in Cortex XSOAR playbooks and automation. Instead of spending most of their time in Excel and pivoting across multiple screens, analysts gain immediate access to contextualized data to make informed and non-disruptive security decisions.
This pack provides the necessary configurations for triggering Cortex XSOAR playbooks and automation based on saved queries in appNovi. Playbooks are enriched with asset intelligence and network and business context, with interactive visualization in appNovi’s cybersecurity mesh graph, to reduce MTTR and ensure efficient, non-disruptive incident response.
What does this pack do?
- Integrates with your existing tools (e.g. SIEM, SOAR, IaaS, CMDB, vuln scanner, app scanner, EDR, NDR, identity)
- Converges data in a graph database for contextual asset attribution and metadata enrichment
- Maintains an accurate asset and software inventory
- Automatically queries assets based on criteria and triggers SOAR playbooks and automation
- Visualizes network, security, and business data for interactive analysis and exploration
- Enriches playbooks with asset attribution and context from appNovi’s cybersecurity mesh
For more information, visit our Cortex XSOAR Developer Docs or visit the IDE in appNovi’s configurations.