Flow Automation Highlights
Alert Processing from Panther: Panther alerts are automatically received and processed, triggering immediate action. This replaces manual alert monitoring and initial triage, significantly reducing the time between threat detection and response initiation.
Slack Notifications: Security teams are notified about the Panther alert and subsequent actions. This automation eliminates manual communication, ensuring rapid team awareness and swift collaboration on potential security incidents.
Okta Session Revocation: Upon receiving a critical Panther alert, user sessions in Okta are automatically revoked. This task, typically requiring manual intervention, is now executed instantly, dramatically reducing the window of potential unauthorized access and enhancing the overall security posture.
User Access Listing in Okta: After session revocation, the system automatically lists all grants for the affected user in Okta. This provides immediate visibility into the user's access rights, facilitating quick assessment and further action without manually querying user permissions.
Orchestration Toolbox
Panther: In this use case, Panther is the primary alert system for detecting security events. It initiates the workflow by sending webhook alerts about potential threats, enabling rapid response to suspicious activities and ensuring that critical security incidents are immediately addressed.
Slack: Slack is the real-time communication channel for notifying security teams about the Panther alert and subsequent actions. It ensures that relevant team members are promptly informed about the security event, facilitating quick awareness and immediate collaboration on incident response.
Okta: Okta plays a crucial role in access management within this workflow. It's responsible for two key actions: revoking all active identity provider sessions for the affected user and listing all grants associated with that user. This integration allows for immediate containment of potential threats by cutting off access and providing a comprehensive view of the user's permissions for further analysis.
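The flow described in the highlights and toolbox above (Panther webhook in, Slack notification, Okta session revocation, Okta grant listing), written out as an added example; this is not the vendor's own code. The Panther payload field names, the sample alert and the grant objects are constructed assumptions, and the Okta and Slack clients are offline stand-ins whose comments name the real API calls they replace.

```python
"""Panther alert -> Slack notify -> Okta containment, as one auditable playbook."""
from typing import Any

REVOKE_SEVERITIES = {"CRITICAL", "HIGH"}  # only these severities trigger containment

def parse_panther_alert(payload: dict[str, Any]) -> dict[str, str]:
    # Field names are an assumed webhook shape, not Panther's documented schema.
    email = payload.get("alertContext", {}).get("actor_email")
    if not email:  # never revoke sessions for a user we cannot identify
        raise ValueError("alert carries no actor_email")
    return {"id": payload["alertId"], "title": payload["title"],
            "severity": str(payload.get("severity", "INFO")).upper(), "email": email}

def run_playbook(payload: dict[str, Any], okta, slack, channel="#security-alerts") -> list[str]:
    """Run the flow and return the ordered actions taken, for the audit trail."""
    alert = parse_panther_alert(payload)
    slack.post(channel, f"Panther {alert['id']} [{alert['severity']}] {alert['title']}"
                        f" - actor {alert['email']}")
    actions = ["notify"]
    if alert["severity"] not in REVOKE_SEVERITIES:
        return actions                              # informational: notify only
    user_id = okta.user_id_for(alert["email"])      # GET /api/v1/users/{login}
    okta.clear_sessions(user_id)                    # DELETE /api/v1/users/{id}/sessions
    actions.append("revoke_sessions")
    grants = okta.list_grants(user_id)              # GET /api/v1/users/{id}/grants
    actions.append("list_grants")
    slack.post(channel, f"Sessions revoked for {alert['email']}; {len(grants)} OAuth grants: "
                        + ", ".join(sorted(g["clientId"] for g in grants)))
    return actions

class FakeOkta:  # offline stand-in for an Okta client; records calls instead of making them
    def __init__(self):
        self.cleared = []
    def user_id_for(self, login):
        return "00u_fake_" + login.split("@")[0]
    def clear_sessions(self, user_id):
        self.cleared.append(user_id)
    def list_grants(self, user_id):   # constructed grant objects, shaped like Okta's
        return [{"clientId": "0oa_vpn", "scopeId": "openid"},
                {"clientId": "0oa_git", "scopeId": "offline_access"}]

class FakeSlack:  # offline stand-in for chat.postMessage
    def __init__(self):
        self.messages = []
    def post(self, channel, text):
        self.messages.append((channel, text))

# Constructed sample alert, not a real Panther payload.
SAMPLE_ALERT = {"alertId": "alert-0001", "title": "Impossible travel login",
                "severity": "CRITICAL", "alertContext": {"actor_email": "alice@example.com"}}
```

Swapping the fakes for real clients keeps the control flow identical, and the returned action list is what you would write to the case record so the automated containment is traceable.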