OTHER ENDPOINT PROTECTION CASE STUDY
Customer is a leading SIEM solution provider.
They provide a platform for companies to aggregate and act upon Threat Intelligence.
Customer requested for the integration of their product with Carbon Black
Sacumen developed the Connector app that enhances the threat detection capabilities of SIEM platform by collecting and analysing log data from the Carbon Black applications and provides orchestration actions to streamline incident response activities.
CB Response, CB Protection, CB Defense sends the Syslog to the SIEM’s syslog server. Connector App processed the incoming syslog, parses it, maps to events fields and feed into the SIEM Platform.
SIEM initiates call to CB Response to isolate an endpoint instantly – through a user-executed action or an automated rule. Connector makes REST API call to CB Response to isolate an endpoint.