See All The Actions In One Place
Upon logging into your XSOAR Incident Overview dashboard, you notice several critical incidents, raising concerns about a potential data breach in your environment.
Let's delve deeper.
Gain Immediate Insights Into Threats
The Ivanti CVEs and their related incidents appear on the Threat Landscape Overview dashboard, which highlights their potential business impact in light of the recent zero-day vulnerabilities reported in the news.
Quickly Assess Impact
The Incidents page offers a summary of the incident's type, severity, and status, allowing you to easily report to your manager when it occurred.
Click on the incident ID number to explore further.
Get All Relevant Information
Here, you can see every indicator linked to the incident.
The Playbook Description outlines how XSOAR automatically extracted 23 indicators and analyzed them for valuable insights.
With these insights, you can make quick decisions on whether to block them from spreading across your network.
Access Actionable Threat Intelligence
For a more thorough analysis of the indicators, visit the Threat Intel page. Here, you will find additional context about the indicators, including external threat reports and Unit 42 analyses, and you can uncover the broader scope of the attack, such as whether it is connected to other incidents.
Respond on the Fly With Quick Action Buttons
Go to the Analyst Tools tab for customizable quick-action buttons that simplify and accelerate incident response, allowing you to perform critical actions with just a click, saving time and reducing manual effort.
Complete Your Investigation in the War Room
The War Room tab centralizes communication, investigation, and real-time actions, enabling you to tag evidence, collaborate with peers, and manage incidents seamlessly without the need to switch between multiple tools or consoles.
Review Any Playbook Actions
The Work Plan tab displays the playbook triggered by this incident. Playbooks can conduct threat-hunting queries and take remedial actions like blocking indicators and preventing lateral movement, saving time and reducing manual effort while ensuring a thorough response.
Collect Evidence in One Place
The Evidence Board tab consolidates flagged evidence in one place, making it easier to track critical details and create comprehensive reports for stakeholders. This ensures clarity and accountability throughout the incident investigation process.
Simplify Communications
The Email Threads button lets you collaborate and provide timely updates to stakeholders, ensuring transparency and alignment without leaving XSOAR.
Close Incident Tickets With Ease
Finally, it's time to close the incident.
You can open, edit, and close incident tickets directly within XSOAR, eliminating the need to switch to ServiceNow, Jira, Remedy, Slack, or other tools.
Explore Automation Possibilities for Your SOC
Head over to the Cortex XSOAR Marketplace to discover new automation ideas among the 1000+ packs contributed by SecOps experts and the world's largest SOAR community.
Get More Security Done. With Cortex XSOAR.
Let your security analysts focus on what they do best. Let automation handle the rest.
Transform your SOC with Cortex XSOAR.