
Vulnerability Management Playbook

Vulnerability management services help enterprises reduce their attack surface by finding vulnerabilities before the adversaries do. Security orchestration playbooks can automate enrichment and context addition for vulnerabilities before handing off control to the analysts for manual remediation. By maintaining a balance between automated and manual processes, analyst time is not spent executing repetitive tasks but in making critical decisions and drawing inferences.

Let’s look at a walkthrough of a possible vulnerability management playbook, including ingestion, enrichment, and remediation.

Ingestion

The playbook ingests asset and vulnerability information from a vulnerability management tool, such as Qualys.

Figure 5: Example of a vulnerability management playbook. The figure shows the playbook stages, fed by a vulnerability management tool and an EDR:

• Ingest: ingest vulnerability and asset information from the vulnerability management tool
• Enrich Entities: enrich endpoint and CVE data through relevant tools; add custom fields to vulnerability data
• Vulnerability Context: check if there are diagnoses, consequences, and remediations tied to the vulnerability; add vulnerability context to incident data
• Calculate Severity: use gathered context to calculate incident severity
• Remediate: hand over control to analyst for manual remediation or automate patch application
• Close playbook
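The five stages in Figure 5 (ingest, enrich, add context, calculate severity, remediate) as a small runnable playbook. This is an added example, not Cortex XSOAR or Qualys code: the scanner export, the CVE context table and the EDR asset inventory are constructed in-memory stand-ins, the CVE identifiers are placeholders, and field names such as "exploit_available", "criticality" and "auto_patch_ok" are assumptions. It also shows the two outcomes the Remediate box describes: automated patching where the asset owner has allowed it, and hand-off to an analyst otherwise, including the case where no vulnerability context was found.

```python
"""Toy vulnerability-management playbook (added example, not XSOAR code).

Stages mirror Figure 5: ingest -> enrich entities -> vulnerability context
-> calculate severity -> remediate.  Every data source below is a
constructed stand-in; CVE ids are placeholders, not real advisories.
"""
from dataclasses import dataclass, field

# Constructed stand-in for a scanner export (host + CVE + CVSS base score).
SCANNER_EXPORT = [
    {"host": "web-01", "cve": "CVE-0000-0001", "cvss": 9.8},
    {"host": "dev-07", "cve": "CVE-0000-0002", "cvss": 5.3},
    {"host": "db-02",  "cve": "CVE-0000-0003", "cvss": 7.5},
]

# Constructed stand-in for CVE enrichment (diagnosis/remediation context).
# CVE-0000-0003 deliberately has no entry, to exercise the missing-context path.
CVE_CONTEXT = {
    "CVE-0000-0001": {"exploit_available": True,  "remediation": "Apply vendor patch"},
    "CVE-0000-0002": {"exploit_available": False, "remediation": "Apply vendor patch"},
}

# Constructed stand-in for the EDR / asset inventory (assumed field names).
ASSET_INVENTORY = {
    "web-01": {"criticality": "high", "internet_facing": True,  "auto_patch_ok": False},
    "dev-07": {"criticality": "low",  "internet_facing": False, "auto_patch_ok": True},
    "db-02":  {"criticality": "high", "internet_facing": False, "auto_patch_ok": False},
}


@dataclass
class Incident:
    host: str
    cve: str
    cvss: float
    asset: dict = field(default_factory=dict)
    context: dict = field(default_factory=dict)
    severity: str = "unknown"
    action: str = ""


def ingest(export):
    """Stage 1: one incident per (host, CVE) pair from the scanner export."""
    return [Incident(host=r["host"], cve=r["cve"], cvss=r["cvss"]) for r in export]


def enrich(inc, assets, cve_ctx):
    """Stages 2-3: attach asset data and any known vulnerability context."""
    inc.asset = assets.get(inc.host, {})
    inc.context = cve_ctx.get(inc.cve, {})
    return inc


def calculate_severity(inc):
    """Stage 4: start from CVSS and let gathered context shift the band."""
    score = inc.cvss
    if inc.context.get("exploit_available"):
        score += 1.0
    if inc.asset.get("internet_facing"):
        score += 1.0
    if inc.asset.get("criticality") == "high":
        score += 0.5
    if score >= 9.0:
        inc.severity = "critical"
    elif score >= 7.0:
        inc.severity = "high"
    elif score >= 4.0:
        inc.severity = "medium"
    else:
        inc.severity = "low"
    return inc


def remediate(inc):
    """Stage 5: automate only when the owner allowed it and the fix is known."""
    if not inc.context:
        inc.action = "analyst: no vulnerability context, manual triage"
    elif inc.asset.get("auto_patch_ok") and inc.severity in ("low", "medium"):
        inc.action = f"auto: {inc.context['remediation']}"
    else:
        inc.action = f"analyst: {inc.context['remediation']} (severity {inc.severity})"
    return inc


def run_playbook(export=SCANNER_EXPORT, assets=ASSET_INVENTORY, cve_ctx=CVE_CONTEXT):
    """Run all five stages and return the enriched, routed incidents."""
    return [remediate(calculate_severity(enrich(i, assets, cve_ctx)))
            for i in ingest(export)]


if __name__ == "__main__":
    for inc in run_playbook():
        print(f"{inc.host} {inc.cve} cvss={inc.cvss} -> {inc.severity}: {inc.action}")
```

The scoring weights are illustrative; the point is that severity is computed from the gathered context rather than from the scanner score alone, and that anything lacking context or owner approval routes to an analyst rather than to automation.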
8 Cortex by Palo Alto Networks | Cortex XSOAR for Managed Security Service Providers | White Paper

2. Looking at the email “ingredients”—subject, email address, attachments, etc.—the playbook assigns incident severity by cross-referencing these details against external threat databases.
3. Next, the playbook extracts IOCs from the email and checks for any reputational red flags in the SOC’s existing threat intelligence tools.
4. Once this enrichment is done, the playbook checks whether any malicious indicators were found.

Response

Depending on whether malicious indicators were detected in the suspected phishing email (see figure 6), one of two branches will execute.

If malicious indicators were detected:

1. The playbook emails the affected user further instructions.
2. It then scans all organizational mailboxes/endpoints to identify and delete other instances of the suspected email to avoid further damage.
3. Finally, the playbook adds the malicious IOCs to blacklists/watchlists on the SOC’s other tools.

If malicious indicators were not detected, some precautions are still taken before confirming that the email is harmless:

1. The playbook checks for any attachments in the email and, if found, detonates them in a sandbox for further analysis.
2. If that analysis doesn’t throw up any alarms, the playbook can give way to analysts for qualitative and manual investigation. Once the analysts are satisfied the email is benign, the playbook sends an email to the affected user apprising them of the false alarm.
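The two Response branches above, written out as a decision function. This is an added example and not Cortex XSOAR code: the reputation feed, the sandbox verdicts and the sample emails are constructed stand-ins (using reserved documentation addresses and the .example TLD), the action labels are invented for illustration, and no real threat-intelligence or mailbox API is called. The point it adds to the prose is the defensive default: a negative reputation check does not end the playbook; attachments are still detonated, an unknown sandbox verdict is treated as an alarm, and the "benign" notification is only queued behind the analyst's confirmation.

```python
"""Toy phishing-response branch (added example, not XSOAR code).

Implements the two branches of the Response section: known-bad IOCs lead
to user notification, mailbox sweep and blocklisting; otherwise attachments
are sandboxed and the case is handed to an analyst.  All feeds and emails
below are constructed stand-ins.
"""
import re
from dataclasses import dataclass, field

# Constructed reputation feed: indicator -> verdict.
REPUTATION = {
    "198.51.100.7": "malicious",            # RFC 5737 documentation range
    "invoice-update.example": "malicious",  # reserved .example TLD
    "docs.example": "clean",
}

# Constructed sandbox results keyed by attachment name.
SANDBOX_VERDICTS = {"invoice.pdf": "clean", "payroll.xlsm": "malicious"}

URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass
class Email:
    sender: str
    subject: str
    body: str
    attachments: list = field(default_factory=list)


# Constructed sample emails exercising each branch.
SAMPLE_EMAILS = [
    Email("billing@invoice-update.example", "Invoice overdue",
          "Review at http://docs.example/portal", []),
    Email("hr@docs.example", "Benefits form", "See attached.", ["invoice.pdf"]),
    Email("hr@docs.example", "Payroll", "See attached.", ["payroll.xlsm"]),
]


def extract_iocs(mail):
    """Step 3: pull URL hosts, IPv4 addresses and the sender domain."""
    iocs = set(URL_HOST_RE.findall(mail.body)) | set(IPV4_RE.findall(mail.body))
    iocs.add(mail.sender.split("@")[-1])
    return sorted(iocs)


def check_reputation(iocs, feed=REPUTATION):
    """Step 3/4: return the subset of indicators the feed flags as malicious."""
    return [i for i in iocs if feed.get(i) == "malicious"]


def respond(mail, feed=REPUTATION, sandbox=SANDBOX_VERDICTS):
    """Return the ordered list of actions the playbook would take for one email."""
    actions = []
    bad = check_reputation(extract_iocs(mail), feed)
    if bad:
        # Branch A: malicious indicators detected.
        actions.append("notify_user:instructions")
        actions.append("sweep_mailboxes:delete_instances")
        actions.extend(f"blocklist:{i}" for i in bad)
        return actions
    # Branch B: nothing known-bad; still detonate attachments before trusting it.
    for name in mail.attachments:
        verdict = sandbox.get(name, "unknown")
        actions.append(f"sandbox:{name}:{verdict}")
        if verdict != "clean":          # unknown is treated as an alarm
            actions.append("escalate:analyst_malicious_attachment")
            return actions
    actions.append("handoff:analyst_manual_review")
    actions.append("pending:notify_user_false_alarm")   # sent only after analyst sign-off
    return actions


if __name__ == "__main__":
    for m in SAMPLE_EMAILS:
        print(m.subject, "->", respond(m))
```

Note that the attachment is the only new evidence in branch B, so the loop stops at the first non-clean verdict and escalates instead of continuing to the manual-review hand-off.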
