SecOps
CloudOps
Flow Automation Highlights
GuardDuty Alert Reception
Mindflow automates the ingestion of GuardDuty alerts, which in manual workflows demand continuous monitoring. This automation ensures immediate alert capture, enhancing the speed of threat recognition and response.
EC2 Instance Retrieval
Upon detection of an IOC, Mindflow automates the retrieval of the implicated AWS EC2 instance. If done manually, this task would require navigating through the AWS console, which is time-consuming and prone to human error.
Jira Issue Creation
Mindflow creates a Jira issue for the incident, automating what would typically be a multi-step manual process. This integration saves time and ensures accurate logging of incidents for further action.
Slack Communication
Mindflow triggers an automated message in Slack to the SOC team. Manually, this would require drafting and sending notifications, which is slower and increases the risk of delayed responses.
Incident Assessment and Action
Based on the response from the SOC team on Slack, Mindflow either isolates the instance for further investigation or closes the issue. Manual handling of this step would involve multiple communications and manual updates across platforms.
Instance Isolation
If isolation is necessary, Mindflow automates the adjustment of security groups and key pairs in AWS EC2. This replaces a series of manual steps in the AWS console, expediting the containment of a potential security threat.
EC2 Snapshot Creation
Mindflow automates the snapshot creation of the EC2 instance's EBS volume, a critical step in incident response that would otherwise involve navigating AWS's interface and executing multiple manual commands.
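The containment steps above (instance lookup, security-group isolation, EBS snapshot) map onto three EC2 API calls. The following is an added example, not Mindflow's code, showing those calls driven by the EventBridge event GuardDuty emits for a finding. The `ec2` argument is any object exposing the boto3 EC2 client methods used here (`describe_instances`, `modify_instance_attribute`, `create_snapshot`); a constructed in-memory stand-in is included so the example runs offline, and in production `boto3.client("ec2")` would be passed instead. The finding, instance, volume and security-group identifiers are placeholders, and the key-pair adjustment the page mentions is not shown.

```python
# Added example (not Mindflow's or AWS's code): contain the EC2 instance named
# in a GuardDuty finding by swapping its security groups for an isolation group
# and snapshotting its EBS volumes, as the workflow above describes.

# Constructed sample event in the shape EventBridge delivers for a GuardDuty
# finding; all identifiers are placeholders, not real indicators.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "region": "us-east-1",
    "detail": {
        "id": "finding-id-placeholder",
        "severity": 8,
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "resource": {
            "resourceType": "Instance",
            "instanceDetails": {"instanceId": "i-0123456789abcdef0"},
        },
    },
}


def instance_id_from_finding(event):
    """Return the EC2 instance id a finding refers to, or None when the
    finding is about some other resource (IAM principal, S3 bucket, ...)."""
    resource = event.get("detail", {}).get("resource", {})
    if resource.get("resourceType") != "Instance":
        return None
    return resource.get("instanceDetails", {}).get("instanceId")


def contain_instance(ec2, event, isolation_sg, severity_threshold=7):
    """Isolate the instance, then snapshot its volumes. Returns a record the
    Jira/Slack steps can use, including the original security groups so the
    isolation can be reversed if the SOC closes the issue."""
    instance_id = instance_id_from_finding(event)
    if instance_id is None:
        return {"action": "skipped", "reason": "finding is not about an EC2 instance"}
    if event["detail"].get("severity", 0) < severity_threshold:
        return {"action": "skipped", "reason": "below severity threshold",
                "instance": instance_id}

    resp = ec2.describe_instances(InstanceIds=[instance_id])
    instances = [i for r in resp["Reservations"] for i in r["Instances"]]
    if not instances:
        return {"action": "skipped", "reason": "instance not found", "instance": instance_id}
    inst = instances[0]
    original_sgs = [g["GroupId"] for g in inst.get("SecurityGroups", [])]

    # The Groups attribute replaces the whole security-group set; the isolation
    # group is assumed to have no inbound or outbound rules.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[isolation_sg])

    finding_id = event["detail"]["id"]
    snapshot_ids = []
    for mapping in inst.get("BlockDeviceMappings", []):
        volume_id = mapping.get("Ebs", {}).get("VolumeId")
        if volume_id:
            snap = ec2.create_snapshot(
                VolumeId=volume_id,
                Description=f"IR evidence for GuardDuty finding {finding_id}",
                TagSpecifications=[{"ResourceType": "snapshot",
                                    "Tags": [{"Key": "guardduty-finding", "Value": finding_id}]}],
            )
            snapshot_ids.append(snap["SnapshotId"])

    return {"action": "isolated", "instance": instance_id,
            "previous_security_groups": original_sgs,
            "isolation_security_group": isolation_sg, "snapshots": snapshot_ids}


class FakeEc2:
    """Constructed in-memory stand-in for the boto3 EC2 client methods used above."""

    def __init__(self, instances):
        self.instances = instances  # instance id -> describe_instances-style dict
        self.snapshots = []

    def describe_instances(self, InstanceIds):
        found = [self.instances[i] for i in InstanceIds if i in self.instances]
        return {"Reservations": [{"Instances": found}]}

    def modify_instance_attribute(self, InstanceId, Groups):
        self.instances[InstanceId]["SecurityGroups"] = [{"GroupId": g} for g in Groups]
        return {}

    def create_snapshot(self, VolumeId, Description, TagSpecifications=None):
        snapshot_id = f"snap-{len(self.snapshots):017x}"
        self.snapshots.append({"SnapshotId": snapshot_id, "VolumeId": VolumeId,
                               "Description": Description})
        return {"SnapshotId": snapshot_id}


def build_sample_client():
    """Fake client holding one placeholder instance with one EBS volume."""
    return FakeEc2({"i-0123456789abcdef0": {
        "InstanceId": "i-0123456789abcdef0",
        "SecurityGroups": [{"GroupId": "sg-web-placeholder"}],
        "BlockDeviceMappings": [{"DeviceName": "/dev/xvda",
                                 "Ebs": {"VolumeId": "vol-placeholder-1"}}],
    }})


def run_example():
    ec2 = build_sample_client()
    return contain_instance(ec2, SAMPLE_EVENT, isolation_sg="sg-isolation-placeholder"), ec2


if __name__ == "__main__":
    print(run_example()[0])
```

The returned record is what the Jira and Slack steps would carry: the previous security groups let the SOC's "close the issue" decision restore the instance, and the snapshot IDs are the evidence handle for the investigation. The severity gate keeps low-severity findings from triggering containment automatically.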
Orchestration Toolbox
AWS GuardDuty
AWS GuardDuty plays the vital role of the alerting system in this use case. It detects potential threats and triggers the automated workflow in Mindflow, replacing the need for continuous manual monitoring.
AWS EC2
AWS Elastic Compute Cloud (EC2) is central to incident response, as it is where the potentially compromised instances are managed. Mindflow automates interactions with EC2, such as retrieving instances, attaching isolation policies, and managing snapshots, which are otherwise manual and complex tasks.
Atlassian Jira
Jira functions as the incident tracking tool in this workflow. It records and updates the status of the incident throughout the process. Mindflow automates this documentation and updates in real time, which, if done manually, would be labor-intensive and prone to delays.
Slack
Slack is the communication platform integrated into this workflow. It is used to notify and receive input from the security operations center (SOC) team. Mindflow automates these notifications, thereby accelerating the decision-making process, a task that is usually dependent on manual messaging.