Integration Use Cases

Cortex Xpanse User Guide

Product: Cortex XPANSE
Version: 1.0
Creation date: 2022-08-25
Last date published: 2024-03-14
End_of_Life: EoL
Category: User Guide

Abstract: The primary use cases of out-of-the-box and custom integrations between Cortex Xpanse Expander and your security ecosystems.

The daily operations of Cortex Xpanse Expander should be central to security operations. Continual assessment, evaluation, and remediation of the organization’s exposed edge is an essential practice for SecOps.

The primary use cases for out-of-the-box and custom integrations between Cortex Xpanse Expander and your security ecosystems include:

  1. Maintain Accurate Asset Inventory—Cortex Xpanse Expander customers are continually integrating Cortex Xpanse Expander with IT and IT security systems that require an accurate source of truth of an organization's public-facing assets.

  2. Generate Alerts—Notifications speed up awareness of new assets and exposures. Cortex Xpanse Expander customers set up SIEM-configured notifications so that they are alerted quickly to new assets and exposures.

  3. Kick Off Investigations—Cortex Xpanse Expander customers kick off investigations of exposures via tickets to drive remediation action and reduce the number of exposures on their network edge.

  4. Automate Remediations—Cortex Xpanse Expander customers create run-books and rules that automate the remediation of certain types of exposures.