| Where Can I Use This? | What Do I Need? |
|---|
|
|
One of the following subscriptions:
Device Security subscription for an advanced
Device Security product (Enterprise Plus,
Industrial OT, or Medical)
Device Security X subscription
One of the following Cortex XSOAR setups:
A free, cohosted, limited-featured
Cortex XSOAR instance
A full-featured Cortex XSOAR server
|
From Device Security, you can send a security alert to Nuvolo either by
selecting the check box of an alert on the Alerts Inventory page or from the
Alert Details page. Before forwarding the alert to Nuvolo,
Cortex XSOAR converts it
into a security incident, which Nuvolo receives in its Security
Queue. From there, a Nuvolo user can create a work order for a network
security analyst to investigate.
Strata Cloud Manager
Manually send Security alerts from Device Security in Strata Cloud Manager
through Cortex XSOAR to Nuvolo to make work orders.
Log in to the
Device Security portal and send a Security
alert to Nuvolo.
Click , select the
check box of the alert you want to send as an incident to Nuvolo,
and then click .
Or
Click , click the name of a Security alert, click .
The Send to Nuvolo panel appears.
Enter a priority number using the priority numbering system
in Nuvolo and add a comment.
After you’ve configured these
three required settings, the Send button changes from gray to blue,
indicating that you can proceed.
Send the alert to Nuvolo.
After
you click Send, a link appears. When you
click it, a new browser window opens to the XSOAR playbook for this
action.
To confirm that the work order was sent, click the link to
the
XSOAR playbook for
this action.
For the link in Device Security to open the
corresponding playbook in Cortex XSOAR, you must already be logged
in to your XSOAR instance before clicking it.
The green
boxes in the playbook indicate that a particular step was successfully
performed. Following the path through the playbook gives you feedback
about whether an action was carried out successfully or, if not,
where the process changed course.
Also the action “Sent to
Nuvolo” appears in the Last Action column on the Alerts page in
the
Device Security portal. If you don’t see this column, click the
Columns icon (
) and select
Last
Action.
Log in to Nuvolo and check the Security Queue for receiving
security incidents from
Device Security.
Legacy IoT Security
Manually send Security alerts from the Device Security portal
through Cortex XSOAR to Nuvolo to make work orders.
Log in to the
Device Security portal and send a Security
alert to Nuvolo.
Click , select the
check box of the alert you want to send as an incident to Nuvolo,
and then click .
Or
Click , click the name of a Security alert, click .
The Send to Nuvolo panel appears.
Enter a priority number using the priority numbering system
in Nuvolo and add a comment.
After you’ve configured these
three required settings, the Send button changes from gray to blue,
indicating that you can proceed.
Send the alert to Nuvolo.
After
you click Send, a link appears. When you
click it, a new browser window opens to the XSOAR playbook for this
action.
To confirm that the work order was sent, click the link to
the
XSOAR playbook for
this action.
For the link in Device Security to open the
corresponding playbook in Cortex XSOAR, you must already be logged
in to your XSOAR instance before clicking it.
The green
boxes in the playbook indicate that a particular step was successfully
performed. Following the path through the playbook gives you feedback
about whether an action was carried out successfully or, if not,
where the process changed course.
Also the action “Sent to
Nuvolo” appears in the Last Action column on the Alerts page in
the
Device Security portal. If you don’t see this column, click the
Columns icon (
) and select
Last
Action.
Log in to Nuvolo and check the Security Queue for receiving
security incidents from
Device Security.
