ThreatOps™ Incident Handling and Response
The ThreatOps™ solution accelerates incident response by adding repeatable playbook functionality to the ThreatDefend™ platform. The ThreatOps solution is an add-on license to the BOTsink® or ACM appliances and is designed to combine and automate technology and processes to streamline and improve incident handling and attack investigation. The solution works by gathering attacker engagement information from the BOTsink deception server, memory forensics, and other sources, empowering security staff with the ability to create and define playbooks based on their security policies.
This solution brief will go into more detail about the following topics:
- Investigation Automation
- Playbooks, Automated Incident Response, and Remediation
- Integrations for Automated Incident Response