This integration interacts with Cohesity Helios and performs actions based on alerts raised.
Cohesity Helios, a next-gen data management platform, delivers a unique combination of an immutable file system with DataLock capabilities, anomaly detection, policy-based data isolation, quorum and MFA to prevent backup data from becoming part of a ransomware attack.
This content pack from Cohesity provides Cortex XSOAR customers with alerts by integrating ransomware detection into an automated playbook for managing ransomware attack recovery to help reduce ransomware risk.

Cohesity’s comprehensive, end-to-end solution, Cohesity Ransomware, takes a multi-layered approach to protecting backup data against ransomware, detecting an attack, and rapidly recovering from it. Cohesity’s unique immutable architecture ensures that your backup data cannot be encrypted, modified or deleted. Using machine learning, it provides visibility and continuously monitors for any anomalies in your data. And if the worst happens, Cohesity helps to locate a clean copy of data across your global footprint, including public clouds, to instantly recover and reduce downtime.

What does this pack provide?
Cohesity Helios and Cortex XSOAR enable your security and IT teams to recover from ransomware attacks.
- Command to fetch ransomware alerts based on attributes such as time duration, severity level, cluster identifiers and region identifiers.
- Command to restore a specified backed-up object from its latest clean snapshot.
- Command to ignore a specified ransomware alert.
- REST API integration for your Cohesity Helios
- Audit and Alert logs XDM mapping
Generate an API key from the Helios UI
- Log in to the Helios UI.
- Click the Settings icon in the top right corner and select Access Management.
- From the available tabs, select API Keys.
- Click the Add API Key button.
- Give the API key a name and click the Save button.
- Copy the key.
| Parameter | Description | Required |
| --- | --- | --- |
| Your server URL | | True |
| API Key | The API Key to use for connection | True |
| Trust any certificate (not secure) | Trust any certificate (not secure). | False |
| Use system proxy settings | Use system proxy settings. | False |
| Incident type | | False |
| Maximum number of incidents to fetch every time | | True |
| First fetch timestamp | | False |
| Fetch incidents | | False |
| Incidents Fetch Interval | | False |