SecOps

Crowdstrike Detection Analysis with VirusTotal and Incident Reporting in Jira and Microsoft Teams

Streamline incident response by automating Crowdstrike detection analysis with VirusTotal and seamlessly creating Jira issues and Microsoft Teams messages. This integration enables efficient threat investigation and collaboration, reducing manual effort and ensuring timely communication for effective security operations.

Automate Incident Response


Flow Automation Highlights

Get Detections in Crowdstrike Falcon: Mindflow automates the retrieval of detections from Crowdstrike Falcon, eliminating the need for security analysts to log into the platform and search for relevant alerts manually. This saves significant time and effort, allowing analysts to focus on higher-value tasks.

Explode Detections: Mindflow automatically extracts critical information from the Crowdstrike detections, such as file hashes and IP addresses. When performed manually, this task is time-consuming and prone to errors. Automating this process ensures the accuracy and completeness of the extracted data, enabling more efficient threat analysis.

Search for Process SHA256 in VirusTotal: Mindflow integrates with VirusTotal to automatically search for the extracted file hashes, providing additional context and threat intelligence. Manual searches in VirusTotal are repetitive and slow, often leading to delays in the investigation process. Automating this task accelerates the analysis and enables faster decision-making.

Create Issue in Jira: Mindflow automatically creates a Jira issue with the relevant details from the Crowdstrike detection and VirusTotal analysis. This replaces the manual process of creating tickets, copying information, and updating fields, which is time-consuming and error-prone. Automation ensures consistency, accuracy, and timely creation of Jira issues for tracking and collaboration.

Send Adaptive Message in Microsoft Teams: Mindflow sends an adaptive message in Microsoft Teams, notifying the relevant teams about the detected threat and providing a link to the Jira issue. This automated communication eliminates the need for manual notifications and ensures that all stakeholders are promptly informed, enabling faster response times compared to traditional methods.
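The five steps above as one pipeline, written here as an added Python example (not Mindflow's code): it explodes a constructed Falcon-style detection into validated, de-duplicated SHA256 values, enriches them through an injectable VirusTotal lookup (stubbed offline), and builds the Jira create-issue payload and the Teams Adaptive Card that links to it. The detection field names, the VirusTotal stats shape, the Jira project key and the issue URL are assumptions; a hash VirusTotal has never seen is carried into the ticket as unknown rather than silently treated as clean.

```python
import re
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
# Constructed sample shaped like a Falcon detection summary (field names are assumptions).
SAMPLE_DETECTION = {
    "detection_id": "ldt:EXAMPLE0001:1", "max_severity_displayname": "High",
    "device": {"hostname": "ws-042"},
    "behaviors": [{"filename": "dropper.exe", "sha256": "A" * 64},  # upper-case: normalise
                  {"filename": "dropper.exe", "sha256": "a" * 64},  # duplicate: keep once
                  {"filename": "odd.exe", "sha256": "not-a-hash"},  # malformed: skip
                  {"filename": "tool.exe", "sha256": "b" * 64}],    # unknown to VirusTotal
}
# Constructed stand-in for VirusTotal's files/{hash} last_analysis_stats (assumed shape).
FAKE_VT = {"a" * 64: {"malicious": 41, "suspicious": 2, "undetected": 20, "harmless": 0}}

def explode_detection(det):
    """The 'explode' step: unique, well-formed SHA256 values from the detection's behaviors."""
    hashes = []
    for b in det.get("behaviors", []):
        h = str(b.get("sha256", "")).lower()
        if SHA256_RE.match(h) and h not in hashes:
            hashes.append(h)
    return hashes

def enrich(hashes, vt_lookup):
    """vt_lookup(sha256) -> last_analysis_stats, or None when VT has no record (unknown, never clean)."""
    verdicts = {}
    for h in hashes:
        s = vt_lookup(h)
        verdicts[h] = ({"known": True, "malicious": s["malicious"], "engines": sum(s.values())}
                       if s else {"known": False, "malicious": 0, "engines": 0})
    return verdicts

def build_jira_issue(det, verdicts, project_key="SEC"):
    """Jira create-issue payload carrying the Falcon and VirusTotal context (assumed project key)."""
    worst = max((v["malicious"] for v in verdicts.values()), default=0)
    lines = [f"Host: {det['device']['hostname']}", f"Falcon severity: {det['max_severity_displayname']}"]
    lines += [f"{h}: {v['malicious']}/{v['engines']} engines flag malicious" if v["known"]
              else f"{h}: no VirusTotal record (unknown, not clean)" for h, v in verdicts.items()]
    return {"fields": {"project": {"key": project_key}, "issuetype": {"name": "Task"},
                       "summary": f"[{det['max_severity_displayname']}] Falcon {det['detection_id']} - worst VT hit {worst}",
                       "description": "\n".join(lines)}}

def build_teams_message(issue, issue_url):
    """Teams message wrapping an Adaptive Card that summarises the issue and links back to Jira."""
    card = {"type": "AdaptiveCard", "version": "1.4",
            "body": [{"type": "TextBlock", "weight": "Bolder", "text": issue["fields"]["summary"]},
                     {"type": "TextBlock", "wrap": True, "text": issue["fields"]["description"]}],
            "actions": [{"type": "Action.OpenUrl", "title": "Open Jira issue", "url": issue_url}]}
    return {"type": "message", "attachments": [{"contentType": "application/vnd.microsoft.card.adaptive", "content": card}]}
```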

Orchestration Toolbox

Crowdstrike Falcon: In this use case, Crowdstrike Falcon serves as the primary source of threat detection. It provides the initial data that triggers the automated incident response workflow. By integrating with Crowdstrike Falcon, Mindflow can quickly retrieve relevant detections and begin the analysis process.

VirusTotal: VirusTotal plays a vital role in enhancing the threat analysis process. It searches for the extracted file hashes from the Crowdstrike detections, providing additional context and threat intelligence. By automating the interaction with VirusTotal, Mindflow accelerates the investigation process and enables more informed decision-making.

Jira: Jira serves as the centralized platform for creating and managing issues related to the detected threats. Mindflow automatically creates Jira issues, populating them with relevant information from the Crowdstrike detections and VirusTotal analysis. This integration ensures that every incident is properly documented, tracked, and worked on collaboratively, streamlining the incident response process.

Microsoft Teams: Microsoft Teams is the communication channel that notifies relevant teams about detected threats. Mindflow sends adaptive messages in Microsoft Teams, providing a summary of the incident and a link to the corresponding Jira issue. This integration ensures that all stakeholders are promptly informed and can collaborate effectively to resolve the security incident.

Why Automate Incident Response?

Opportunity cost

Threat investigation delays

Increased response times

Disparate incident management

Impact of automation

Accelerated detection and response

Improved collaboration and communication

Streamlined SecOps
