SX-AO

Repository for Cisco SecureX Orchestration Workflows and Atomic Actions

  • NOTE:
    • If you don't have a SecureX account, please follow the Quick Start Guide.
    • Detailed instructions to add the iberlinson/SX-AO repositories to your SecureX instance can be found HERE
    • How to import a workflow: HERE
    • SecureX Orchestration documentation: HERE

Available Atomics Actions

  • List and README: HERE

Available Use Cases (Workflows)

  • 🛎 Cisco Umbrella : Notification on Security Events (Umbrella-Notification-Security-Events)

    • Receive a near real-time notification in Webex Teams or via email when a new domain is blocked by Umbrella

      • Use SecureX Orchestration to periodically:
        • Get the new security events since the last check
        • Notify in Webex Teams about newly blocked domains seen for the first time in the organization
        • Maintain a statistics table with the number of hits for each domain and its current notification status
    • This workflow can be triggered by a schedule to execute every X minutes

    • Use Case and Installation : Detailed information about the workflow can be found HERE

  • 🔦 Hunt - Search User

    • Search for a given user via:

      • Orbital (Account: Monitoring and Logged_In)
      • Secure Endpoint - User Activity (telemetry)
    • Notify in Cisco Webex and/or via email about the result

    • Create a Casebook if the user is found

    • Use Case and Installation : Detailed information about the workflow can be found HERE

  • 🧽 Cisco Secure EP - Remove Inactive Endpoints

    • Cisco Secure Endpoint : Identify and remove from the computers list the endpoints whose last-seen date is older than a given number of days (default: 45 days)

    • Use Case and Installation : Detailed information about the workflow can be found HERE

  • TG-Feeds-to-Umbrella-BlockList-2-Tiers-approval

  • 🛎 RT-Monitoring-SecureEP-Umbrella-Notification-Incident

    • Continuous monitoring of Umbrella and/or Secure EP security events (loop)

    • Near real-time incident creation and update (grouped by endpoint hostname, no duplicate events)

    • Near real-time notification on new or updated incidents (no duplicate notification for the same event occurring multiple times)

    • Statistics tables

    • Use Case and Installation : Detailed information about the workflow can be found HERE
