Overview
With Cortex XSOAR, you have a single platform to orchestrate and automate actions across your cloud product stack for better time to detect (TTD) and faster, scalable response. We integrate with a host of AWS services and 100s of security/IT products so you can correlate and standardize incident response across your entire environment.
Our task-based playbooks can help you automate tasks within your incident workflow or handle end-to-end incident lifecycles.
With keyless automation, users can leverage IAM roles from within Cortex XSOAR, attach privileges and users to those roles and execute automated actions through playbooks tied to those roles without the need for credential storage and transfer.
Cortex XSOAR orchestration platform executes workflows that coordinate across cloud and on-premise security environments. You can automate tasks, run custom searches and queries, track granular SLAs and metrics, and extract wider context - without the need for screen switching and manual repetition.
Your analysts can gain new actionable information about the attack by running AWS commands in the Cortex XSOAR War Room. Analysts can get the GuardDuty detector tied to the alert or the list of resources affected by the alert, in real-time.
The War Room is also powered by ChatOps that helps your analysts converse with each other for joint investigations, and all commands, notes, and evidence are auto-documented.
Highlights
- Ingest alerts from AWS solutions such as GuardDuty and SQS to kick-off automated and standarized playboo-driven response in Cortex XSOAR
- Further enrich AWS data with intelligence from other security tools via Cortex XSOAR's orchestration
- Improve personnel efficiency by centralizing investigation, collaboration and documentation on one console.
Features and programs
Financing for AWS Marketplace purchases
Pricing
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
None
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
Get started with Demisto Enterprise: * In your EC2 Management Console, find your instance running Demisto Enterprise. * Copy its public IP. * Paste the public IP into a new browser tab with https:// prefix and hit enter. * Log into Demisto with the following credentials: ** username: admin ** password: <the instance id of the instance just created> * If you haven't done so, Contact support@demisto.com to get your license and access to our support portal. * If you don't have a valid license and would like to get a free edition license for the Demisto Enterprise please submit a request at https://go.demisto.com/demisto-free-edition-amazon
Resources
Vendor resources
Support
Vendor support
www.paloaltonetworks.com/company/contact-support You can create your own account and file a support ticket at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.