Security Operations Integration Configurations

Save as PDF Selected topic Topic & subtopics All topics in contents
Unsubscribe Log in to subscribe to topics and get notified when content changes.
Share this page

Security Operations Integration Configurations

Many of the integrations included in the base system require little or no setup, and operate in the same way. Certain integrations, such as the Qualys Cloud Platform, however, require separate steps for setting up the integration. Others support different sets of scan and lookup types and different rate limits.

This section describes the differences between the supported integrations and points you to more documentation, as needed.

Carbon Black integration: allows you to investigate and respond to security incidents by using the Carbon Black APIs to query and interact with endpoints associated with security incidents.
Check Point Anti-bot - Email Parser integration: uses an email parser that consumes email notifications from Check Point Anti-bot to create security incidents.
Elasticsearch Incident Enrichment integration: searches your logs and adds relevant sighting information to your security incidents.
Have I been pwned? integration: allows the list of breached accounts (email addresses and usernames) to be quickly searched via a RESTful service.
HPE Security ArcSight ESM - Email Parser integration: uses an email parser that consumes email notifications from HPE ArcSight ESM to create security incidents.
HPE ArcSight Logger - Incident Enrichment integration: searches your logs and adds relevant sighting information to your security incidents.
IBM QRadar - Incident Enrichment Integration: searches your logs and adds relevant sighting information to your security incidents.
McAfee ESM - Email Parser integration: uses an email parser that consumes email notifications from McAfee ESM to create security incidents.
McAfee ESM - Incident Enrichment Integration: searches your logs and adds relevant sighting information to your security incidents.
OPSWAT Metadefender integration overview: allows threat data, detected by the third-party Metadefender scanner, to be downloaded to the Threat Intelligence application for tracking, prioritization, and resolution.
Palo Alto Networks - AutoFocus integration: Palo Alto Networks AutoFocus, a threat intelligence cloud service, allows you to search for session information related to security incident observables.
Palo Alto Networks - Firewall integration: Palo Alto Networks Firewall allows you to set up and maintain firewalls for preventing known and unknown threats across the network, cloud, and endpoints.
Palo Alto Networks - WildFire integration: Wildfire integration allows you to programmatically query analysis jobs on Wildfire and retrieve historical results through a simple XML API interface.
Understanding the Qualys Vulnerability Integration: Qualys Cloud Platform is used in Vulnerability Response.
Recorded Future integration: enriches security incidents with valuable threat data.
Splunk - Incident Enrichment integration: searches your logs and adds relevant sighting information to your security incidents.
Tanium Endpoint Platform integration: Security Operations Tanium integration uses a workflow and workflow activities to return running processes for affected CIs.
VirusTotal integration: used in Threat Intelligence. To use this lookup source, you must activate the VirusTotal Integration plugin.
WhoisXML API integration setup: provides consistent, well-structured data from a Whois lookup. Keeps accurate Whois data accessible 24/7.

Activate and configure third-party integrations
You can activate the plugins for third-party integrations and configure them for use from the same screen.
Create an integration
You can create an integration and add the associated integration card to the Security Integrations screen. This procedure is intended for partners who create third-party integrations.

Related concepts

Types of ServiceNow integrations provided
Tips for writing integrations
Integration troubleshooting

Tags:

Feedback

Security Operations Integration Configurations

Save as PDF Selected topic Topic & subtopics All topics in contents
Unsubscribe Log in to subscribe to topics and get notified when content changes.
Share this page

Security Operations Integration Configurations

This section describes the differences between the supported integrations and points you to more documentation, as needed.

Carbon Black integration: allows you to investigate and respond to security incidents by using the Carbon Black APIs to query and interact with endpoints associated with security incidents.
Check Point Anti-bot - Email Parser integration: uses an email parser that consumes email notifications from Check Point Anti-bot to create security incidents.
Elasticsearch Incident Enrichment integration: searches your logs and adds relevant sighting information to your security incidents.
Have I been pwned? integration: allows the list of breached accounts (email addresses and usernames) to be quickly searched via a RESTful service.
HPE Security ArcSight ESM - Email Parser integration: uses an email parser that consumes email notifications from HPE ArcSight ESM to create security incidents.
HPE ArcSight Logger - Incident Enrichment integration: searches your logs and adds relevant sighting information to your security incidents.
IBM QRadar - Incident Enrichment Integration: searches your logs and adds relevant sighting information to your security incidents.
McAfee ESM - Email Parser integration: uses an email parser that consumes email notifications from McAfee ESM to create security incidents.
McAfee ESM - Incident Enrichment Integration: searches your logs and adds relevant sighting information to your security incidents.
OPSWAT Metadefender integration overview: allows threat data, detected by the third-party Metadefender scanner, to be downloaded to the Threat Intelligence application for tracking, prioritization, and resolution.
Palo Alto Networks - AutoFocus integration: Palo Alto Networks AutoFocus, a threat intelligence cloud service, allows you to search for session information related to security incident observables.
Palo Alto Networks - Firewall integration: Palo Alto Networks Firewall allows you to set up and maintain firewalls for preventing known and unknown threats across the network, cloud, and endpoints.
Palo Alto Networks - WildFire integration: Wildfire integration allows you to programmatically query analysis jobs on Wildfire and retrieve historical results through a simple XML API interface.
Understanding the Qualys Vulnerability Integration: Qualys Cloud Platform is used in Vulnerability Response.
Recorded Future integration: enriches security incidents with valuable threat data.
Splunk - Incident Enrichment integration: searches your logs and adds relevant sighting information to your security incidents.
Tanium Endpoint Platform integration: Security Operations Tanium integration uses a workflow and workflow activities to return running processes for affected CIs.
VirusTotal integration: used in Threat Intelligence. To use this lookup source, you must activate the VirusTotal Integration plugin.
WhoisXML API integration setup: provides consistent, well-structured data from a Whois lookup. Keeps accurate Whois data accessible 24/7.

Activate and configure third-party integrations
You can activate the plugins for third-party integrations and configure them for use from the same screen.
Create an integration
You can create an integration and add the associated integration card to the Security Integrations screen. This procedure is intended for partners who create third-party integrations.

Related concepts

Types of ServiceNow integrations provided
Tips for writing integrations
Integration troubleshooting

Tags:

Feedback

How search works:

Topics are ranked in search results by how closely they match your search terms

Security Operations Integration Configurations

Security Operations Integration Configurations

On this page

Security Operations Integration Configurations

Security Operations Integration Configurations

Log in to personalize your search results and subscribe to topics