On average, it takes 287 days for an enterprise to realize that it has been breached and to contain the breach. The CimTrak Integrity Suite can help enterprises decrease this unacceptable statistic to mere seconds. CimTrak helps organizations monitor and protect a wide range of physical, cloud, network, and virtual IT assets in real time. Built around leading-edge file integrity monitoring capabilities, CimTrak gives organizations deep situational awareness including who is making changes, what is being changed, when changes are occurring, and how changes are being made. This, coupled with the ability to take instant action upon detection of change, gives organizations assurance that their IT assets are always in a secure and compliant state. Furthermore, CimTrak helps measure and monitor the security posture of your organization. This is accomplished by helping organizations reduce configuration drift and ensure that systems are in a secure and hardened state. Securing your infrastructure with CimTrak helps you get compliant and stay that way. For more information, visit our CimTrak information page.
This XSOAR content pack contains the integration between CimTrak and Palo Alto XSOAR, which allows you to further vet and respond to emerging threats to your infrastructure. CimTrak performs real-time detection of unauthorized modifications to servers and network devices, while also leveraging CIS Benchmarks to ensure that your key servers and devices are always in a hardened state. In addition, CimTrak can perform advanced remediation actions such as rolling back to a previous version of critical files. By combining CimTrak and Palo Alto XSOAR via this integration, you can deepen your understanding of certain security events using CimTrak's rich file assessment engines and/or verify them against a curated allow-list. In addition, this integration allows you to leverage CimTrak to integrate with your existing ITSM system, such as ServiceNow, BMC Remedy, and Jira. By adding dozens of new capabilities, this integration unlocks the orchestration and response capabilities of Palo Alto XSOAR.
What does this pack do?
This pack adds a wide variety of new functions that enhance your playbooks by leveraging the CimTrak Integrity Suite. Some of these new capabilities include:
- Detect unauthorized changes to servers and network devices in real time, and react to them directly within your playbook
- Leverage your playbook to react to integrity events identified by CimTrak
- Roll unauthorized file and network device changes back to their original state
- Analyze files to determine whether they are malicious using Palo Alto WildFire or VirusTotal
- Verify if files are from an authorized OS vendor via the Cimcor Trusted File Registry
- Initiate Compliance & Benchmark scans of systems directly from your playbook
- Create tickets within CimTrak with the optional capability to sync tickets to external ticketing systems such as ServiceNow and BMC Remedy
- Trigger the generation of CimTrak reports
- Promote files or IT environment changes to an authoritative baseline or global allowlist
- Much more
This pack includes a few sample playbooks that serve as examples of how to use this extensive set of new actions.
- Scan Compliance By IP - Example of how to run a compliance scan for an agent based on IP address
- Analyze Intrusion - Example of how to analyze an intrusion
Learn more by viewing this video of the CimTrak content pack in action.