SecOps
Flow Automation Highlights
Retrieving Detections from CrowdStrike: Mindflow automates the retrieval of detections from CrowdStrike, eliminating the need for security teams to manually extract incident data. This automation ensures that all relevant detections are promptly gathered, reducing the time and effort required for initial data collection and minimizing the risk of missing critical information.
Enriching Incident Data with VirusTotal: Once the detections are retrieved, Mindflow automates the enrichment of this data by querying VirusTotal. This process involves looking up file hashes, URLs, and IP addresses to determine whether they are malicious. Compared to manual enrichment, this automation significantly speeds up the process, ensuring comprehensive and up-to-date threat intelligence without the manual overhead.
Creating and Managing Cases in TheHive: Mindflow automates the creation of cases in TheHive based on the enriched data. This includes adding observables for confirmed threats and closing cases for benign findings. Automating case management ensures that incidents are accurately documented and tracked, streamlining the response workflow and enabling more efficient and organized incident handling.
Orchestration Toolbox
CrowdStrike: In this use case, CrowdStrike is the source of detection data. Mindflow retrieves detections and detailed information about potential security incidents from CrowdStrike. This ensures that all relevant threat data is collected accurately and efficiently without manual intervention.
VirusTotal: VirusTotal enriches the detection data obtained from CrowdStrike. Mindflow automates the analysis of file hashes, URLs, and IP addresses using VirusTotal. This enrichment provides deeper insight into the nature of the threats, helping to identify malicious elements quickly and accurately.
TheHive: TheHive is the platform used for case management. Mindflow automates creating and managing cases within TheHive based on enriched threat data. It adds observables for confirmed threats and closes cases for benign findings, ensuring that incidents are tracked and managed systematically and efficiently.
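The retrieve, enrich, decide workflow described in the Flow Automation Highlights and the Orchestration Toolbox above, as an added illustration that is not Mindflow's, CrowdStrike's, VirusTotal's or TheHive's own code: the detection records and the per-indicator verdicts are constructed stand-ins for the CrowdStrike and VirusTotal lookups, and the confirmation threshold is an assumed tunable, so the example shows only the triage logic that decides between a TheHive case with observables and a benign close.

```python
from dataclasses import dataclass, field

# Constructed sample detections, shaped loosely like the indicators a CrowdStrike
# detection carries; not real CrowdStrike data or API output.
DETECTIONS = [
    {"id": "det-001", "host": "ws-17", "hashes": ["a" * 64],
     "urls": ["http://example.invalid/x"], "ips": ["203.0.113.9"]},
    {"id": "det-002", "host": "ws-22", "hashes": ["b" * 64],
     "urls": [], "ips": ["198.51.100.4"]},
]

# Constructed verdicts standing in for VirusTotal lookups: how many engines
# flagged each indicator. Lookups are by hash, so no file content leaves the estate.
ENRICHMENT = {
    "a" * 64: 41, "http://example.invalid/x": 7, "203.0.113.9": 0,
    "b" * 64: 0, "198.51.100.4": 1,
}

MALICIOUS_THRESHOLD = 3  # assumed tunable: engine hits needed to confirm an indicator


@dataclass
class CaseAction:
    detection_id: str
    action: str  # "create" a case with observables, or "close" as benign
    observables: list = field(default_factory=list)


def indicators(det):
    """Yield (type, value) pairs for every indicator attached to a detection."""
    for kind, key in (("hash", "hashes"), ("url", "urls"), ("ip", "ips")):
        for value in det[key]:
            yield kind, value


def enrich(value, verdicts=ENRICHMENT):
    """Stand-in for a VirusTotal query; unknown indicators count as unflagged."""
    return verdicts.get(value, 0)


def triage(det, threshold=MALICIOUS_THRESHOLD):
    """Confirmed indicators become case observables; none confirmed means close."""
    confirmed = [{"type": kind, "value": value, "malicious_count": count}
                 for kind, value in indicators(det)
                 if (count := enrich(value)) >= threshold]
    return CaseAction(det["id"], "create" if confirmed else "close", confirmed)


def run_pipeline(detections=DETECTIONS):
    return [triage(d) for d in detections]
```

Swapping the constructed dictionaries for real CrowdStrike and VirusTotal responses, and emitting each CaseAction to TheHive, is where the actual integrations would sit.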