LogicHub SOAR+

Problems it solves

Shortage of in-house software developers

Shortage of in-house IT resources

High costs of IT personnel

Shortage of in-house IT engineers

Values

Enhance Staff Productivity

Reduce Costs

The only SOAR platform that delivers autonomous threat detection and incident response automation in a single platform

Description

Data

Ingest all available security events from SIEM and other security tools using a large ecosystem of integrations, and enrich the data with threat intelligence information. Use ML to maintain context by comparing data. The SOC knowledge of the in-house Expert SOC Team is captured in the many out-of-the-box security playbooks included in the product. These automation workflows can be easily adopted by security teams.

Decisions

Complex data analysis and advanced correlations identify known and unknown threats. The ML stitches multiple events into one, and it scores and ranks all threats and events. The ML also offers recommendations for enhancing existing automations and creating new automations. The platform identifies new threats and false positives by combining data ingested from integrations with its own built-in detection, using security content included in the platform.

Actions

The optimal response is decided by mimicking the actions that the analyst would take -- a cognitive approach. The engine executes playbooks to respond to threats automatically, at scale and at machine speeds. It creates cases to assist analysts in identifying incidents. No Python coding required.

The Foundation

A flexible architecture based on Apache Spark runs both on-prem and in the cloud. Our ML models are continuously monitored and improved by the feedback from the analysts and our Expert SOC Team.

Key Features
  • Automation Engine. Automate manual investigation steps for any SOC playbook
  • Machine Learning. Apply cognitive automation to mimic the expertise and intuition of skilled analysts
  • Deep Correlation. Threat Rank the highest priority alerts using sophisticated analysis across all event and intelligence data
  • Feedback Loop. Improve efficacy by easily providing context and expertise via an intuitive human feedback loop
  • Full Traceability. Automatically document alert scoring and reasoning for full visibility into the how and why
  • Integrations. Connect to hundreds of applications and services with a robust integration framework
  • Ingestion Framework. Easily intake security events data from SIEMs, log aggregators, cloud logs, and dozens of security products
  • Visual Playbook Editor. Enable easy creation of automation flows, without any coding
  • Agentless Deployment. Easy installation and setup by leveraging open APIs