Flow Automation Highlights
Data Retrieval from Webhook
Mindflow receives Office 365 alert data through a webhook, so alerts enter the flow as they are raised instead of being collected by hand, a manual and potentially slow process. Data is captured in real time, giving the investigation a quicker start. The webhook endpoint is also where ingest must be authenticated: an endpoint that accepts any POST lets anyone inject alerts, and the indicators inside them, into the flow.
Alert Management and Filtering
The Mindflow automation filters alerts against predefined criteria, a task that would be exhausting to do by hand given the alert volume of an enterprise environment. Filtering lets the security team concentrate on high-priority issues rather than on triaging noise.
Data Enrichment from Various Sources
Mindflow enriches the alert automatically with additional context from ElasticSearch, Microsoft Graph, VirusTotal, and DeHashed. Done by hand, this means logging in to several platforms and correlating their results, which is time-consuming and error-prone.
Zendesk Ticket Creation
Finally, Mindflow creates a Zendesk ticket for each alert that survives filtering and enrichment. This replaces the manual logging of incidents, which delays the response and adds to the workload of security personnel.
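The four steps above, webhook ingest, filtering, enrichment and ticket creation, as one runnable pipeline. This is an added example, not Mindflow's own code or its connectors: the Office 365 field names, the HMAC-signed webhook, the filter values and the secret are assumptions, the four services are replaced by constructed offline stand-ins (a real client takes each one's place), and only the Zendesk payload follows the real shape of a POST to Zendesk's /api/v2/tickets.json. It also shows two checks a practitioner would want that the summary does not spell out: rejecting unsigned webhook bodies, and validating the email and IP before they are sent to a third-party lookup.

```python
import hashlib
import hmac
import ipaddress
import json
import re

# Constructed sample webhook body in the shape of an Office 365 alert. The field
# names are assumptions for illustration, not the exact Office 365 schema.
SAMPLE_ALERT = {"AlertId": "b7c2e1", "Severity": "High", "Category": "ImpossibleTravel",
                "UserId": "alice@example.com", "ClientIP": "203.0.113.7"}
SAMPLE_BODY = json.dumps(SAMPLE_ALERT, sort_keys=True).encode()
WEBHOOK_SECRET = b"shared-secret-configured-on-both-ends"  # assumption: HMAC-signed webhook

SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}
# Assumed "predefined criteria": a severity floor plus the alert types that earn a ticket.
FILTER_CRITERIA = {"min_severity": "Medium", "categories": {"ImpossibleTravel", "SuspiciousInboxRule"}}
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
# Addresses that must never be sent to an external lookup service.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]

def sign(body: bytes, secret: bytes) -> str:
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_webhook(body: bytes, signature: str, secret: bytes) -> bool:
    """Accept only signed bodies: an open endpoint lets anyone inject fake alerts."""
    return hmac.compare_digest(sign(body, secret), signature)

def should_investigate(alert: dict, criteria: dict = FILTER_CRITERIA) -> bool:
    sev = SEVERITY_RANK.get(alert.get("Severity"), -1)
    return sev >= SEVERITY_RANK[criteria["min_severity"]] and alert.get("Category") in criteria["categories"]

def extract_indicators(alert: dict) -> dict:
    """Validate values first: an attacker-influenced field must not become an arbitrary query."""
    out = {}
    user = alert.get("UserId", "")
    if EMAIL_RE.match(user):
        out["email"] = user.lower()
    try:
        ip = ipaddress.ip_address(alert.get("ClientIP", ""))
        if not any(ip in net for net in INTERNAL_NETS):
            out["ip"] = str(ip)
    except ValueError:
        pass  # missing or malformed IP: simply no IP enrichment
    return out

def enrich(indicators: dict, lookups: dict) -> dict:
    """Run every configured lookup; a failing source is recorded, not fatal."""
    results = {}
    for name, (key, fn) in lookups.items():
        if key in indicators:
            try:
                results[name] = fn(indicators[key])
            except Exception as exc:  # one API outage must not stop the ticket
                results[name] = {"error": str(exc)}
    return results

def priority(enrichment: dict) -> str:
    """Zendesk priority: clear IP verdicts or leaked credentials escalate, else 'normal'."""
    malicious = enrichment.get("virustotal", {}).get("malicious", 0)
    if malicious >= 3 or enrichment.get("dehashed", {}).get("breaches", 0) > 0:
        return "urgent"
    return "high" if malicious > 0 else "normal"

def build_zendesk_ticket(alert: dict, enrichment: dict) -> dict:
    """Payload in the shape Zendesk's POST /api/v2/tickets.json expects."""
    lines = [f"{k}: {json.dumps(v, sort_keys=True)}" for k, v in sorted(enrichment.items())]
    return {"ticket": {
        "subject": f"[O365 {alert['Severity']}] {alert['Category']} for {alert['UserId']}",
        "comment": {"body": "\n".join([f"Alert {alert['AlertId']}"] + lines)},
        "priority": priority(enrichment),
        "tags": ["o365", alert["Category"].lower()],
    }}

def run_pipeline(body: bytes, signature: str, lookups: dict, secret: bytes = WEBHOOK_SECRET):
    """Webhook -> verify -> filter -> enrich -> ticket; None means the alert was dropped."""
    if not verify_webhook(body, signature, secret):
        return None
    alert = json.loads(body)
    if not should_investigate(alert):
        return None
    return build_zendesk_ticket(alert, enrich(extract_indicators(alert), lookups))

# Constructed offline stand-ins for the four services; real clients take their place.
OFFLINE_LOOKUPS = {
    "elasticsearch": ("email", lambda e: {"logins_24h": 17, "new_countries": ["BR"]}),
    "msgraph": ("email", lambda e: {"department": "Finance", "accountEnabled": True}),
    "virustotal": ("ip", lambda ip: {"malicious": 5, "harmless": 60}),
    "dehashed": ("email", lambda e: {"breaches": 2}),
}

if __name__ == "__main__":
    print(json.dumps(run_pipeline(SAMPLE_BODY, sign(SAMPLE_BODY, WEBHOOK_SECRET), OFFLINE_LOOKUPS), indent=2))
```

The lookups are injected as callables so the same pipeline runs offline in a test and against the real APIs in production; the private-range check is deliberately an explicit list rather than Python's `is_global`, which also rejects the documentation range used in the sample.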
Orchestration Toolbox
ElasticSearch
ElasticSearch is the starting point of the investigation. Its search capability retrieves and analyzes large volumes of log data quickly, surfacing the patterns or anomalies around the alert (logins, source addresses, timing) that may indicate suspicious activity.
Microsoft Graph
Microsoft Graph retrieves detailed user information from Azure AD (Microsoft Entra ID). Automating this lookup supplies the context of the alert, who the account belongs to and its directory attributes, which is crucial for the subsequent investigation steps.
VirusTotal
VirusTotal contributes automated reports on IP addresses. These add third-party intelligence on the addresses associated with the alerts and help in assessing the threat level. Submitting an address to VirusTotal shares it with a third party, so the lookup should only run on validated, external addresses, never on internal ones.
DeHashed
DeHashed searches breach records associated with the user's email address, which helps identify whether the user's credentials have been exposed in a data breach. A hit shows exposure, not proof that the account was compromised, so it raises the priority of the case rather than settling it.
Zendesk Support
Zendesk Support is the final step in the automation process. It is used for creating support tickets automatically, which enables tracking and resolution of the incident within the support team's workflow.