This blog written by Tomer Haimof and published on April 11, 2024.
Maintaining compliance with regulations and security standards is paramount for organizations in today's dynamic and ever-evolving cybersecurity landscape. However, simply receiving alerts about compliance issues is often not enough to effectively mitigate risks. To address this challenge, we are thrilled to introduce an enhanced use case for handling compliance alerts from Prisma Cloud Compute in Cortex XSOAR.
The current use case for handling compliance alerts from Prisma Cloud Compute focuses on mapping limited data to incident fields. While this provides a basic understanding of the issue, it falls short of providing comprehensive visibility into affected resources and the underlying causes of the compliance issues.
1. Enriched Data for Affected Resources
The enhanced use case goes beyond basic data mapping by providing detailed information about affected resources such as images, hosts, and containers. This includes resource names, cloud metadata, enriched compliance issue data (such as severity), and more.
In addition to the enrichment, it also includes an optional section for creating or updating external tickets for each compliance issue.
2. Dedicated Layout for Enhanced Visibility
To aid analyst decision-making, Prisma Cloud Compute - Compliance Alert v2 features a dedicated layout with multiple tabs:
Case Info: Description of the use case and essential case details.
Fig 1: Incident info layout
Host/Image/Container Compliance Information: This tab showcases enriched compliance data for the respective resource type, along with action buttons for further insights and automated actions:
Fig 2: Enriched compliance information
Detailed Compliance Issues: Displays results of the further enrichment action, offering deeper insights into the compliance issues.
Fig 3: Details on compliance issues
Ticketing Information: Offers details about external tickets created for each compliance issue, including the ticketing system name, ticket ID, action taken, and ticket title.
Fig 4: Ticketing info on compliance issues
The playbook, "Prisma Cloud Compute - Compliance Alert v2," is divided into three sub-playbooks, each tailored to handle a specific resource type: host, image, and container. Data enrichment and external ticket creation occur within each sub-playbook, providing a streamlined and comprehensive approach to compliance alert handling.
A dedicated sub-playbook for each resource type:
Fig 5: Sub-playbooks to handle enrichment
Dedicated sub-playbooks for ServiceNow and Jira:
Fig 6: Sub-playbooks to handle Jira and ServiceNow ticketing
With this enhanced playbook for compliance alert handling, organizations can elevate their compliance management efforts by gaining deeper insights, taking automated actions, and fostering a more proactive approach to security and risk mitigation. By harnessing the power of Cortex XSOAR and Prisma Cloud Compute, security teams can stay ahead of compliance challenges and safeguard their digital assets effectively.
Ready to supercharge your compliance alert handling? Download the Prisma Cloud pack today to enjoy the power of Prisma Cloud Compute - Compliance Alert v2 playbook and experience the difference firsthand!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
| Subject | Likes |
|---|---|
| 3 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like | |
| 1 Like |
