Silverfort | Marketplace

Details
Content
Dependencies
Version History

Silverfort protects organizations from data breaches by delivering strong authentication across entire corporate networks and cloud environments, without requiring any modifications to endpoints or servers. Using patent-pending technology, Silverfort's agentless approach enables multi-factor authentication and AI-driven adaptive authentication even for systems that don’t support it today, including proprietary systems, critical infrastructure, shared folders, IoT devices, and more. Use Silverfort integration to get & update Silverfort risk severity. This integration was integrated and tested with Silverfort version 2.12.

Whenever Cortex XSOAR runs an investigation that entails a suspicion of compromised user account it leverages Silverfort’s visibility to gain wider context of the investigated user account and applies Silverfort’s proactive protection capabilities such as requiring MFA or blocking access altogether as part of Cortex playbooks.

What does this pack do?

Mutual data enrichment on user’s risk and triggering protective actions:

Cortex XSOAR queries Silverfort whether an investigated user account is a service account or a human user
Cortex XSOAR queries Silverfort’s risk score for investigates user accounts
Cortex XSOAR actively updates users’ risk scores at Silverfort based on its automated investigation
Silverfort blocks user access to resources or requires MFA based on Cortex playbook

Add helpful, relevant links below

Playbooks

Name	Description
Silverfort Disable High Risk Account	This playbook gets the user risk from Silverfort DB. If the risk is medium or higher, the user will be blocked & alert will be sent.
Silverfort Update Risk for Domain Admins Incidents	This playbook gets an incident related to an account. If it is a domain admin, updates Silverfort risk.

Integrations

Name	Description
Silverfort (Partner Contribution)	Use the Silverfort integration to get and update Silverfort risk severity.

Playbooks

Name	Description
Silverfort Disable High Risk Account	This playbook gets the user risk from Silverfort DB. If the risk is medium or higher, the user will be blocked & alert will be sent.
Silverfort Update Risk for Domain Admins Incidents	This playbook gets an incident related to an account. If it is a domain admin, updates Silverfort risk.

Integrations

Name	Description
Silverfort (Partner Contribution)	Use the Silverfort integration to get and update Silverfort risk severity.

Required Content Packs (5)

Pack Name	Pack By
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR
Active Directory Query	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (7)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
MITRE ATT&CK	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Active Directory Query	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

PUBLISHER

Silverfort

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	July 22, 2020
Last Release	March 29, 2023

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.