OVERVIEW
This course will provide a comprehensive overview of the integration capabilities of SafeBreach. The focus will be on how SafeBreach integrates with other security tools and systems to provide a complete and effective security solution. Topics covered will include integration with SIEM systems, firewalls, and endpoint protection solutions, as well as APIs and automation tools for integrating SafeBreach into existing security workflows. The course will also cover best practices for deploying and utilizing SafeBreach in real-world environments to enhance overall security posture and simplify security operations. Upon completion, participants will have a thorough understanding of how to effectively integrate SafeBreach into their existing security infrastructure.
In this course, you will learn :
- The different integration types
- The deployment options and the need for a collector
- How integrations work in general
- The integration processes that enables the workflow with SafeBreach
Lesson 1 – Integrations Overview
In this lesson, you will learn about the different types of integrations, and understand the use cases for each one of them.
SafeBreach can be integrated to different types of 3rd-party vendors. Integration with your existing security products can increase the effectiveness of our product significantly.
Integration types :
Automatically correlate simulated attacks with security events from multiple sources. Integrations include Arcsight Logger, Azure Sentinel, Firepower, Google Chronicle, LogRhythm, Netwitness Platform, QRadar, Splunk, and more.
Automatically correlate simulated attacks with security events pulled from the specific endpoints and network controls. Integrations include Carbon Black Defense, Cisco AMP, Cisco Secure Email, Cisco Umbrella, Cortex XDR, CrowdStrike Falcon, Cybereason, Cylance Protect and Optics, FireEye HX, BigQuery, McAfee ePO, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Palo Alto Panorama, SentinelOne, Tanium Threat Response, and more.
Prioritize vulnerabilities by exploitability and impact based on SafeBreach simulations. Integrations include Tenable Nessus, Qualys, Rapid7 Nexpose, Tenable.io , Tenable.sc., and more
Simulate attacks generated from IOCs of the latest threats. Integrations include Alienvault OTX, ThreatConnect, ThreatQ, Unit42, VirusTotal, and more.
Receive notifications about system events and create incidents for automated remediation actions. Integrations include Email Notifications, Jira Service Desk, Cortex XSOAR, ServiceNow, Slack, Splunk Phantom, Syslog CEF (outbound), and more.
Lesson 2 – Deployment Options
Learn about the two deployment options that we offer, and understand the purpose of the collector.
The Collector
SafeBreach Collector is required to integrate with on-premise security devices when SafeBreach Management is deployed in the cloud. The SafeBreach Collector can be downloaded as an OVA to be deployed on a virtual machine, such as VMware.
After you understand the integration types and the way that they affect the system capabilities, you can move on to the next lesson and dive deep into the integration processes which are running behind the scenes.
Lesson 3 – How Do Integrations Work?
Learn about the integration processes. By understanding them, you will be able to perform basic troubleshooting and fix correlation and parsing issues by yourself.
Integration types :
Establishes the encrypted connection between SafeBreach management service and the 3rd-party integration via HTTPS.
Responsible for mapping the fields from the different log files and normalizing different fields to create standard SafeBreach events.
Responsible for matching the events fetched from the security controls and the SIEM to SafeBreach events, to detect the success or failure of attacks.
Congratulations !
You have finished the system deployment course. Proceed to the next course – Analysis & Remediation course
