Wednesday, February 09, 2022

Build a Champion SOC with VirusTotal and Palo Alto Networks Cortex XSOAR

With Palo Alto Networks’ Cortex XSOAR as your champion and VirusTotal as the sharpened blade, your SOC will decimate threats and reduce analyst strain. Together, VirusTotal and Cortex XSOAR enable your security and IT teams to discover context and solve incidents in a cost effective way. 

Join us next March 31st for an expert-led discussion on leveraging threat intelligence in your SOC. Register here.

VirusTotal Cortex XSOAR packs enable you to:

  • Orchestrate custom threat feeds through Cortex XSOAR to perform live IoC matching and launch retroactive threat hunts from your SIEM or historical log archives.

  • Leverage improved and early detection with crowdsourced {Yara, SIGMA, IDS} threat reputation for files, domains, IPs, and URLs.

  • Streamline your triage process with prioritized SOC alerts based on severity and threat categories.

  • Inform your EDR platform by feeding it highly relevant and undetected threats identified with VirusTotal YARA.  

Not only that. Our new improved VirusTotal packs allow you to create custom IOC feeds. You can simply create your own VT Hunting Livehunt rules and feed them into XSOAR. Here you can learn how:

Check out the four XSOAR VirusTotal content packs and discover which is right for you, and try one for free through the Cortex XSOAR Marketplace platform. New to Cortex XSOAR? Download the Community Edition to discover how VirusTotal and XSOAR can work for you! 

Building a Champion SOC

The quest to best protect an organization requires several top-of-the-line weapons for an analyst to wield. To handle the daily torrent of alerts and threats, security teams need access to the sharpest, most up-to-date threat intelligence to provide the missing critical pieces of information like files, URLs, domains, and more.  Unfortunately, security teams rarely have the time or resources to maintain a full arsenal of rich, ingestible intelligence. 

To provide security teams with the best tools to combat threat actors, VirusTotal and Cortex XSOAR are thrilled to streamline threat intelligence through the Cortex XSOAR Marketplace. As one of the largest threat intelligence services in the world, VirusTotal is expanding its research, enrichment, and malware hunting capabilities to XSOAR - a market leading Security Orchestration Automation and Response platform for unified case management, automation, and real time collaboration.  

With one click installation, your security team can easily and accurately pull the necessary context to surface threats in your system. Subscribe to VirusTotal from the XSOAR Marketplace to access the VirusTotal API directly for critical context regarding your incident response and alert management. With advanced orchestration from Cortex XSOAR, your SOC can create custom threat feeds and very easily plug them straight into your security stack to search for both current and retroactive breaches. 

VirusTotal offers four content packs each with a monthly allotment of lookups. Starter gives 5,000 lookups per month, Respond gives 150,000, Enrich gives 1 million, and Triage gives 100 million. Leverage these powerful solutions to seamlessly enrich  your alerts with cost-effective confidence. Furthermore, IoC matching is driven by the real-time view of the threat landscape as seen by VirusTotal, powered by millions of users each month. This unparalleled enrichment provides confident, accurate context for unrivaled global visibility into threats.

As a final note, please note that both Palo Alto Networks Cortex XSOAR Marketplace points customers and any other user can still provision custom premium API keys from VirusTotal and operate XSOAR with these. The new VirusTotal XSOAR packs do not replace existing workflows or licensing options.   

Happy hunting!


Post a Comment