Flow Automation Highlights
Alert Reception from Lacework: The workflow receives Lacework alerts as they are raised and performs the first pass of triage automatically, so no analyst has to watch a console for them. This cuts the time from alert to first action from hours to minutes and ensures that no critical alert goes unhandled.
AWS Environment Assessment: When an alert arrives, Mindflow queries the AWS services the alert touches (S3, IAM, EC2) for context: bucket configuration and access policy, the IAM policies attached to the implicated users or roles, and the security groups of the affected instances. Done by hand, this means jumping between several AWS consoles; here it completes in seconds and gives a single view of the affected resources.
Jira Ticket Creation and Update: The workflow creates a Jira ticket with all pertinent information from Lacework and AWS, and updates it as the investigation progresses. This automation replaces manual ticket creation and updates, ensuring consistent documentation and freeing up security analysts to focus on complex decision-making rather than administrative tasks.
Automated Remediation Actions: Where predefined criteria are met (for example, the alert's severity and the account or resource involved), Mindflow can execute remediation in AWS, such as tightening a security group or revoking IAM permissions. Acting immediately shrinks the exposure window compared with a manual change that has to wait for approvals and an operator. The criteria decide which actions may run without a human in the loop, so they should be scoped narrowly: an automated change that is too broad can lock out a legitimate workload just as surely as it shuts out an attacker.
Orchestration Toolbox
Lacework: Lacework is the cloud security platform that raises the alerts in this workflow, detecting threats and compliance violations across the cloud environment. Its integration with Mindflow hands each alert straight to the workflow, which starts the automated investigation and, where the criteria allow, remediation.
AWS S3: Amazon S3 is queried to gather information about the storage buckets related to the alert. Mindflow interacts with S3 to check bucket configurations, access policies, and recent activities, providing crucial context for the security investigation without manual API calls or console checks.
AWS IAM: AWS Identity and Access Management (IAM) supplies the policies attached to the users or roles named in the alert, and is the service through which permissions are revoked when remediation calls for it. Mindflow automates both the policy review and the change, a task that is otherwise done by hand and with care, since an overly broad revocation can break a running service.
AWS EC2: Amazon EC2 instances are examined as part of the alert investigation. Mindflow queries EC2 to gather details about the affected instances, including security group configurations and recent activities, streamlining what would otherwise be a manual review process across multiple EC2 dashboards.
Jira: Atlassian Jira is utilized for ticket creation and management throughout the investigation and remediation process. It serves as the central repository for all information related to the alert, automating documentation that would typically require manual entry and updates by security analysts.
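The assessment, ticketing and remediation steps in the highlights above, and the S3, IAM, EC2 and Jira roles in this toolbox, as an added Python sketch. This is not Mindflow's, Lacework's or AWS's code. It makes no network calls: the security group, bucket policy and role policy are constructed samples shaped like the responses of the boto3 calls named in the comments (describe_security_groups, get_bucket_policy, get_role_policy), the alert field names are hypothetical rather than Lacework's real schema, and the Jira project key and issue type are assumptions. What it adds to the prose is the concrete checks (ingress open to the world, a bucket policy granting everyone access, a role allowing every action on every resource) and an approval gate on the remediation plan, so only security-group fixes in allow-listed accounts would run unattended.

```python
"""Added sketch of the triage flow above. Nothing here calls AWS, Lacework or
Jira: inputs are constructed samples shaped like the relevant API responses."""
import json

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed alert (hypothetical field names, not Lacework's schema).
SAMPLE_ALERT = {
    "alertId": 12345, "severity": "High", "accountId": "111122223333",
    "resources": {"securityGroupId": "sg-0123456789abcdef0",
                  "bucket": "example-data-bucket", "roleName": "ExampleAppRole"}}
# Constructed, shaped like ec2.describe_security_groups()["SecurityGroups"][0]
SAMPLE_SG = {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]}
# Constructed, shaped like json.loads(s3.get_bucket_policy()["Policy"])
SAMPLE_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-data-bucket/*"}]}
# Constructed, shaped like iam.get_role_policy()["PolicyDocument"]
SAMPLE_ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}


def _as_list(value):
    """IAM policy fields may be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def open_ingress_rules(sg):
    """Ingress rules reachable from any IPv4 or IPv6 address."""
    hits = []
    for perm in sg.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        hits += [{"protocol": perm["IpProtocol"], "cidr": c,
                  "from_port": perm.get("FromPort"), "to_port": perm.get("ToPort")}
                 for c in cidrs if c in PUBLIC_CIDRS]
    return hits

def public_statements(policy):
    """Allow statements whose principal is everyone ("*" or {"AWS": "*"})."""
    out = []
    for st in _as_list(policy.get("Statement", [])):
        principal = st.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        if st.get("Effect") == "Allow" and "*" in _as_list(principal or []):
            out.append(st)
    return out

def wildcard_admin_statements(policy):
    """Allow statements granting every action on every resource."""
    return [st for st in _as_list(policy.get("Statement", []))
            if st.get("Effect") == "Allow"
            and any(a in ("*", "*:*") for a in _as_list(st.get("Action", [])))
            and "*" in _as_list(st.get("Resource", []))]

def triage(alert, sg, bucket_policy, role_policy):
    """Join the alert with its AWS context into one findings record."""
    return {"alertId": alert["alertId"],
            "open_ingress": open_ingress_rules(sg),
            "public_bucket_statements": public_statements(bucket_policy),
            "admin_role_statements": wildcard_admin_statements(role_policy)}

def jira_fields(alert, findings, project_key="SEC"):
    """'fields' for a Jira REST v2 create-issue call (key and type are assumptions)."""
    return {"project": {"key": project_key}, "issuetype": {"name": "Task"},
            "summary": f"[{alert['severity']}] Lacework alert {alert['alertId']} "
                       f"in account {alert['accountId']}",
            "description": json.dumps(findings, indent=2, sort_keys=True)}

def remediation_plan(alert, findings, auto_accounts=frozenset()):
    """Proposed boto3 calls. Security-group fixes run unattended only for
    High/Critical alerts in allow-listed accounts; everything else needs approval."""
    auto = (alert["accountId"] in auto_accounts
            and alert["severity"] in ("High", "Critical"))
    plan = []
    for rule in findings["open_ingress"]:
        v6 = ":" in rule["cidr"]
        perm = {"IpProtocol": rule["protocol"],
                ("Ipv6Ranges" if v6 else "IpRanges"):
                    [{("CidrIpv6" if v6 else "CidrIp"): rule["cidr"]}]}
        if rule["from_port"] is not None:  # ports are absent for protocol "-1"
            perm.update(FromPort=rule["from_port"], ToPort=rule["to_port"])
        plan.append({"call": "ec2.revoke_security_group_ingress",
                     "kwargs": {"GroupId": alert["resources"]["securityGroupId"],
                                "IpPermissions": [perm]},
                     "requires_approval": not auto})
    if findings["public_bucket_statements"]:
        # A public-access block can break a bucket that legitimately serves a
        # website, so this action always waits for a human.
        plan.append({"call": "s3.put_public_access_block",
                     "kwargs": {"Bucket": alert["resources"]["bucket"],
                                "PublicAccessBlockConfiguration": {
                                    "BlockPublicAcls": True, "IgnorePublicAcls": True,
                                    "BlockPublicPolicy": True, "RestrictPublicBuckets": True}},
                     "requires_approval": True})
    return plan
```

In a live deployment the three sample dictionaries would be replaced by the boto3 responses named in the comments, `jira_fields` would be posted to Jira's create-issue endpoint, and each entry of `remediation_plan` would be executed only after its `requires_approval` flag has been honoured. The IAM finding is surfaced in the ticket but deliberately given no automatic action: which policy to detach from a role is a judgement call, and the role name alone does not identify it.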