For security teams, separating insights from the noise of incoming alerts and coordinating between multiple security products often involves repetitive tasks that waste valuable time that could be put to more productive use.
The Demisto and Sumo Logic integration equips security teams with rich, correlated data that can be leveraged during incident investigations or by playbooks for automated data enrichment and incident response.
Integration Features
- Query Sumo Logic data to investigate or enrich incidents in Demisto and trigger automated triage and response.
- Leverage hundreds of Demisto third-party product integrations to coordinate response across security functions based on insights from Sumo Logic.
- Run hundreds of commands (including Sumo Logic commands) interactively via a ChatOps interface while collaborating with other analysts and Demisto’s chatbot.
USE CASE #1
Automated Data Enrichment and Response
Challenge
When you have to use different solutions for data enrichment and incident response, it can be tough to track the lifecycle of an incident due to fragmented information spread across multiple locations. As a result, you spend time chasing data and completing low-level tasks that can be better spent resolving incidents.
Solution
Sumo Logic alerts can trigger Demisto playbooks that orchestrate response actions across the entire stack of products that your team uses in a single seamless workflow. For example, you can create tickets, quarantine endpoints and send emails as automated playbook tasks.
Benefit
Automation of repetitive, manual tasks streamlines incident lifecycle processes to help speed up your incident triage and resolution.
To learn more about our integration with Sumo Logic, view our joint solution brief.
USE CASE #2
Interactive, Real-Time Investigation for Complex Threats
Challenge
While automated playbooks can ease your workload, sometimes an attack investigation requires additional tasks such as gathering critical evidence, drawing relations between incidents, and finalizing resolution.
Solution
After running playbooks, your analysts can gain greater visibility and new actionable information about the attack by running Sumo Logic commands in the Demisto war room. You can view indicator malice, repeating patterns, and cross-correlations at a glance in both the work plan and war room windows. You can also run commands from other security tools in real time, so you get a single-console view for end-to-end investigation. The war room auto-documents all analyst actions and suggests the most effective analysts and command sets over time.
Benefit
All your participating analysts will have full task-level visibility into the process and be able to run and document commands from the same window. Auto-documentation of all automation and analyst actions enables you to generate reports quickly for executive review or post-investigation debriefs.
We hope you found this integration overview useful. To explore Demisto in greater detail, you can download our free community edition below.