This Workflow creates a Case in Cisco SecureX Casebook and an associated TheHive Case, where all Observables are synced!
NOTE: Please be aware that there are different regions available for SecureX:
The goal is to hand over Observables from SecureX to TheHive via the built-in orchestrator (SecureX Orchestration (SXO)) Workflows.
Features:
- faster Incident Response and handover to the SOC Team
- easy exchange of Observables from the Cisco Secure platform into the TheHive SIRP
- automatic Observable enrichment into TheHive via the Casebook Browser PlugIn
- no more manual Copy & Paste actions
- no more typos from adding Observables by hand
- automated start of Cortex Analyzers by just adding the observables
- completely independent, only a website is needed to extract the observables
AO Workflow: ". . . create Casebook and sync it with TheHive 🐝"
Sync Observables from SecureX Casebook to TheHive (manual task via SXO Response Action in Threat Response)
add slide about the sync
SXO Workflow: "Parse Casebooks Observables and add missing to TheHive 🧩"
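The "add missing" step of that workflow, as an added example in Python (not the workflow's own code): it maps SecureX Casebook observable types to TheHive dataTypes and builds create-observable payloads only for entries the TheHive case does not already hold. The sample observables are constructed; the type mapping and the `/api/case/{caseId}/artifact` payload shape are assumptions based on the TheHive v3/v4 REST API.

```python
"""Added example: diff SecureX Casebook observables against a TheHive case.

Constructed sample data; the type map and TheHive payload shape are
assumptions based on the TheHive v3/v4 REST API, not the workflow's code.
"""
from typing import Dict, List, Tuple

# SecureX (CTIM) observable type -> TheHive dataType (assumed mapping)
SECUREX_TO_THEHIVE = {
    "ip": "ip", "ipv6": "ip", "domain": "domain", "hostname": "fqdn",
    "url": "url", "sha256": "hash", "sha1": "hash", "md5": "hash",
    "email": "mail", "file_name": "filename",
}

# Constructed sample: observables exported from a SecureX Casebook
CASEBOOK_OBSERVABLES = [
    {"type": "ip", "value": "198.51.100.23"},
    {"type": "domain", "value": "Example.COM"},
    {"type": "sha256", "value": "A" * 64},
    {"type": "sha256", "value": "a" * 64},      # same hash, different case
    {"type": "device", "value": "laptop-42"},  # no TheHive equivalent
]

# Constructed sample: observables already present in the TheHive case
THEHIVE_OBSERVABLES = [
    {"dataType": "ip", "data": "198.51.100.23"},
    {"dataType": "domain", "data": "example.com"},
]


def normalise(data_type: str, value: str) -> Tuple[str, str]:
    """Comparison key: dataType plus trimmed, case-folded value."""
    return data_type, value.strip().lower()


def missing_observables(casebook: List[Dict], thehive: List[Dict]) -> List[Dict]:
    """Return TheHive create-observable payloads for Casebook entries the case lacks."""
    present = {normalise(o["dataType"], o["data"]) for o in thehive}
    payloads, seen = [], set()
    for obs in casebook:
        data_type = SECUREX_TO_THEHIVE.get(obs["type"])
        if data_type is None:
            continue  # unsupported SecureX type: skip rather than guess
        key = normalise(data_type, obs["value"])
        if key in present or key in seen:
            continue  # already in the case, or a duplicate within the Casebook
        seen.add(key)
        # Body for POST /api/case/{caseId}/artifact (assumed TheHive shape)
        payloads.append({"dataType": data_type, "data": obs["value"].strip(),
                         "tlp": 2, "ioc": True, "tags": ["securex-casebook"],
                         "message": "Synced from SecureX Casebook"})
    return payloads
```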
Integration of Casebook Browser PlugIn to add Observables into TheHive Case (via a Cisco Casebook Case)
add slide about Casebook Integration
SXO Workflow: not needed - scheduled Workflow