09_CaseHub

Case Management and Automation

Overview

With BluSapphire Case-Hub, SOC operations can be automated through a streamlined workflow that minimizes manual work and prioritizes critical security incidents, so that complex security responsibilities are handled and responded to efficiently.

Features

Event Rules: Allow you to automate certain operations, such as responding to events dynamically by dismissing them, merging them into cases, adding tags, or updating their severity automatically.

Cases: You can create cases or merge multiple alerts into an existing case, and use Case Templates to keep track of your analysts' investigation of those alerts.

Intel Lists: Allow you to create your own internal threat intelligence lists or poll them from external sources; both enrich events and aid analysts in their investigations.

Inputs Module: To enable your SOC to analyze events and alerts from the data lake (OpenSearch), you create inputs. An input contains the configuration required to pull data from the backend.

Reflex Query Language (RQL): In Case-Hub, Event Rules use RQL to query event data. Analysts can automate event actions for matched events by creating event query rules built from mutators and expressions.
