Enhancing Compliance Alert Handling in Cortex XSOAR
Maintaining compliance with regulations and security standards is paramount for organizations in today's dynamic and ever-evolving cybersecurity landscape. However, simply receiving alerts about compliance issues is often not enough to effectively mitigate risks. To address this challenge, we are thrilled to introduce an enhanced use case for handling compliance alerts from Prisma Cloud Compute in Cortex XSOAR.
Introducing Prisma Cloud Compute - Compliance Alert v2
The current use case for handling compliance alerts from Prisma Cloud Compute focuses on mapping limited data to incident fields. While this provides a basic understanding of the issue, it falls short of providing comprehensive visibility into affected resources and the underlying causes of the compliance issues.
What's New in This Enhancement?
1. Enriched Data for Affected Resources
The enhanced use case goes beyond basic data mapping by providing detailed information about affected resources such as images, hosts, and containers. This includes resource names, cloud metadata, enriched compliance issue data (such as severity), and more.
In addition to the enrichment, it also includes an optional section for creating or updating external tickets for each compliance issue.
2. Dedicated Layout for Enhanced Visibility
To aid analyst decision-making, Prisma Cloud Compute - Compliance Alert v2 features a dedicated layout with multiple tabs:
- Case Info: Description of the use case and essential case details.
- Host/Image/Container Compliance Information: This tab shows the enriched compliance data for the respective resource type, along with action buttons for further insights and automated actions:
  - Enrich Compliance Issues: Gain deeper insights into compliance issues by retrieving the actual causes for specific resources.
  - Send Compliance Issues via Email: Easily share enriched compliance reports, with optional filtering based on issue severity.
- Detailed Compliance Issues: Displays the results of the further enrichment action, offering deeper insight into the compliance issues.
- Ticketing Information: Offers details about the external tickets created for each compliance issue, including the ticketing system name, ticket ID, action taken, and ticket title.
The playbook, "Prisma Cloud Compute - Compliance Alert v2," is divided into three sub-playbooks, each tailored to handle a specific resource type: host, image, and container. Data enrichment and external ticket creation occur within each sub-playbook, providing a streamlined and comprehensive approach to compliance alert handling.
A dedicated sub-playbook for each resource type:
Dedicated sub-playbooks for ServiceNow and Jira:
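As an added illustration (not code from the Prisma Cloud pack or the playbook itself), the following Python sketches the two steps the sub-playbooks combine: filtering enriched issues by severity and creating or updating one external ticket per compliance issue, returning the rows the Ticketing Information tab lists. The issue field names, the in-memory ticket store standing in for ServiceNow or Jira, and the sample issues are constructed assumptions.

```python
"""Severity filtering and create-or-update ticketing for compliance issues.
Field names, the ticket store and the sample data are constructed assumptions,
not the Prisma Cloud Compute or Cortex XSOAR API."""
from dataclasses import dataclass, field

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample of enriched compliance issues (hypothetical field names).
# The same compliance issue ID can appear on several resources.
SAMPLE_ISSUES = [
    {"id": "41", "resource_type": "host", "resource": "node-1", "severity": "high", "title": "SSH root login enabled"},
    {"id": "52", "resource_type": "image", "resource": "app:1.2", "severity": "low", "title": "Image runs as root"},
    {"id": "41", "resource_type": "host", "resource": "node-2", "severity": "high", "title": "SSH root login enabled"},
    {"id": "77", "resource_type": "container", "resource": "web-0", "severity": "critical", "title": "Privileged container"},
]


def filter_by_severity(issues, minimum):
    """Keep issues at or above the given severity (the optional email filter)."""
    floor = SEVERITY_RANK[minimum.lower()]
    return [i for i in issues if SEVERITY_RANK.get(i["severity"].lower(), 0) >= floor]


@dataclass
class TicketStore:
    """Stand-in for a ticketing integration: one ticket per compliance issue ID."""
    system: str
    tickets: dict = field(default_factory=dict)  # issue id -> ticket record

    def create_or_update(self, issue):
        """Return (ticket_id, action); a repeated issue ID updates the existing ticket."""
        key = issue["id"]
        if key in self.tickets:
            ticket = self.tickets[key]
            if issue["resource"] not in ticket["resources"]:
                ticket["resources"].append(issue["resource"])
            return ticket["ticket_id"], "updated"
        ticket_id = f"{self.system}-{len(self.tickets) + 1}"  # constructed ID scheme
        self.tickets[key] = {"ticket_id": ticket_id, "title": issue["title"],
                             "severity": issue["severity"], "resources": [issue["resource"]]}
        return ticket_id, "created"


def sync_tickets(issues, store):
    """Create or update a ticket per issue and return the Ticketing Information rows:
    ticketing system name, ticket ID, action taken, and ticket title."""
    rows = []
    for issue in issues:
        ticket_id, action = store.create_or_update(issue)
        rows.append({"system": store.system, "ticket_id": ticket_id,
                     "action": action, "title": issue["title"]})
    return rows
```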
Conclusion
With this enhanced playbook for compliance alert handling, organizations can elevate their compliance management efforts by gaining deeper insights, taking automated actions, and fostering a more proactive approach to security and risk mitigation. By harnessing the power of Cortex XSOAR and Prisma Cloud Compute, security teams can stay ahead of compliance challenges and safeguard their digital assets effectively.
Ready to supercharge your compliance alert handling? Download the Prisma Cloud pack today to enjoy the power of Prisma Cloud Compute - Compliance Alert v2 playbook and experience the difference firsthand!
See the playbook in action.