| Where Can I Use This? | What Do I Need? |
|---|---|
| | One of the following subscriptions:<br>• Device Security subscription for an advanced Device Security product (Enterprise Plus, Industrial OT, or Medical)<br>• Device Security X subscription<br><br>One of the following Cortex XSOAR setups:<br>• A free, cohosted, limited-featured Cortex XSOAR instance AND a free Cortex XSOAR Engine (on-premises integration)<br>• A full-featured Cortex XSOAR server |

From Device Security, you can send vulnerability instances to SoftPro Medusa. Before forwarding the vulnerability to SoftPro Medusa, Cortex XSOAR converts it into a security incident, which SoftPro Medusa receives. From there, a SoftPro Medusa user can create a work order for a network security analyst to investigate.

When sending vulnerability instances to SoftPro Medusa, you can choose to send:

If a vulnerability affects multiple devices, then Device Security sends a single ticket that includes all affected devices, instead of sending a separate ticket for each affected device.

After you send a vulnerability to SoftPro Medusa, you can view the ticket on your SoftPro Medusa instance.

Strata Cloud Manager

Manually send vulnerabilities from Device Security in Strata Cloud Manager through Cortex XSOAR to SoftPro Medusa to make work orders.

Log in to Device Security in Strata Cloud Manager and send a vulnerability instance to SoftPro Medusa.

- From the Device Details page: Navigate to and select the device with a vulnerability that you want to send to SoftPro Medusa. On the Device Details page, click on the Vulnerabilities tab, select the vulnerability that you want to send, and select .
- From the Vulnerability Details page: Navigate to and select the vulnerability that you want to send to SoftPro Medusa. On the Vulnerability Details page, under select the check boxes for the vulnerability instances that you want to send to SoftPro Medusa. After you have chosen the instances, select .

In the Send to SoftPro Medusa pop-up that appears, fill in the following fields:

- Priority: Enter a priority number that your SoftPro Medusa system analyst can use to correlate with the priority numbering system in SoftPro Medusa.
- Add Comments: Add any additional comments that would help with the risk mitigation workflow.

Send the vulnerability to SoftPro Medusa.

After you click Send, a link to the Cortex XSOAR playbook appears at the bottom of the pop-up. The link opens a new tab or window to see the Cortex XSOAR playbook for this action.

To confirm that the vulnerability successfully reached SoftPro Medusa, click the link to the Cortex XSOAR playbook for this action.

For the link in Device Security to open the corresponding work plan in Cortex XSOAR, you must already be logged in to your cloud Cortex XSOAR instance before clicking on the link. If you have an on-premises Cortex XSOAR, you need to search the incidents on your Cortex XSOAR to find the work plan.

Follow the path through the playbook to see if the action completed successfully, or to triage where the action may have failed.

Legacy IoT Security

Manually send vulnerabilities from the Device Security portal through Cortex XSOAR to SoftPro Medusa to make work orders.

Log in to the Device Security portal and send a vulnerability instance to SoftPro Medusa.

- From the Device Details page: Navigate to and select the device with a vulnerability that you want to send to SoftPro Medusa. On the Device Details page, click on the Vulnerabilities tab, select the vulnerability that you want to send, and select .
- From the Vulnerability Details page: Navigate to and select the vulnerability that you want to send to SoftPro Medusa. On the Vulnerability Details page, under select the check boxes for the vulnerability instances that you want to send to SoftPro Medusa. After you have chosen the instances, select .

In the Send to SoftPro Medusa pop-up that appears, fill in the following fields:

- Priority: Enter a priority number that your SoftPro Medusa system analyst can use to correlate with the priority numbering system in SoftPro Medusa.
- Add Comments: Add any additional comments that would help with the risk mitigation workflow.

Send the vulnerability to SoftPro Medusa.

After you click Send, a link to the Cortex XSOAR playbook appears at the bottom of the pop-up. The link opens a new tab or window to see the Cortex XSOAR playbook for this action.

To confirm that the vulnerability successfully reached SoftPro Medusa, click the link to the Cortex XSOAR playbook for this action.

For the link in Device Security to open the corresponding work plan in Cortex XSOAR, you must already be logged in to your cloud Cortex XSOAR instance before clicking on the link. If you have an on-premises Cortex XSOAR, you need to search the incidents on your Cortex XSOAR to find the work plan.

Follow the path through the playbook to see if the action completed successfully, or to triage where the action may have failed.