Case Management and Automation
With BluSapphire Case-Hub, SOC operations can be automated through a streamlined workflow that minimizes manual work and prioritizes critical security incidents. This ensures that complex security responsibilities are handled and responded to efficiently.
Events Rules: Allow you to automate certain operations, such as responding to events dynamically by dismissing them, merging them into cases, adding tags, or updating their severity automatically.
Cases: You can create Cases or merge multiple alerts into an existing case, and use Case Templates to keep track of your analysts' investigation of those alerts.
Intel Lists: Allow you to create your own internal threat intelligence lists or poll them from external sources; both enrich events and aid analysts in their investigations.
Inputs Module: To enable your SOC to analyze events and alerts from the data lake (OpenSearch), you create inputs. An input holds the configuration required to pull data from the backend.
Reflex Query Language (RQL): In Case-Hub, Event Rules use RQL to query event data. Analysts can automate event actions for matched events by creating event query rules built from mutators and expressions.
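To make the Event Rules and RQL descriptions above concrete, the following is an added, illustrative rule engine written for this page; it is not BluSapphire's or Case-Hub's own code, and its expression format (a field, an operator, a value, and an optional mutator) is a constructed stand-in, not actual RQL syntax. It models the four automated actions the page lists (dismiss, merge into a case, add a tag, update severity) and a lowercase mutator applied before matching, and runs over a few constructed events. The rule names, case id and event data are all made up for the example.

```python
"""Illustrative event-rule engine (added example, not Case-Hub's own code).

A rule carries a match expression (field, operator, value, optional mutator)
and a list of actions.  The expression format is a constructed stand-in for
RQL, not real RQL syntax.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

# Mutators transform a field value before it is compared (assumed set).
MUTATORS: Dict[str, Callable[[str], str]] = {
    "lowercase": str.lower,
    "strip": str.strip,
}


@dataclass
class Event:
    id: str
    title: str
    source_ip: str
    severity: int
    tags: Set[str] = field(default_factory=set)
    dismissed: bool = False
    case_id: Optional[str] = None


@dataclass
class Rule:
    name: str
    field_name: str                     # event attribute to inspect
    operator: str                       # "eq" or "contains"
    value: str
    actions: List[Tuple[str, Optional[str]]]
    mutator: Optional[str] = None


def matches(rule: Rule, event: Event) -> bool:
    """Evaluate the rule's expression against one event."""
    raw = str(getattr(event, rule.field_name, ""))
    if rule.mutator:
        raw = MUTATORS[rule.mutator](raw)
    if rule.operator == "eq":
        return raw == rule.value
    if rule.operator == "contains":
        return rule.value in raw
    raise ValueError(f"unknown operator {rule.operator}")


def apply_actions(rule: Rule, event: Event, cases: Dict[str, List[str]]) -> None:
    """Apply the rule's actions: dismiss, merge_to_case, add_tag, set_severity."""
    for action, arg in rule.actions:
        if action == "dismiss":
            event.dismissed = True
        elif action == "merge_to_case":
            cases.setdefault(arg, []).append(event.id)
            event.case_id = arg
        elif action == "add_tag":
            event.tags.add(arg)
        elif action == "set_severity":
            event.severity = int(arg)
        else:
            raise ValueError(f"unknown action {action}")


def run_rules(rules: List[Rule], events: List[Event]):
    """Run every rule over every event; dismissed events skip later rules.

    Returns the case map and an audit trail of (event id, rule name) hits.
    """
    cases: Dict[str, List[str]] = {}
    audit: List[Tuple[str, str]] = []
    for event in events:
        for rule in rules:
            if event.dismissed:
                break
            if matches(rule, event):
                apply_actions(rule, event, cases)
                audit.append((event.id, rule.name))
    return cases, audit


# Constructed sample rules and events (not real data).
RULES = [
    Rule("Dismiss authorized scanner", "source_ip", "eq", "10.0.0.5",
         [("dismiss", None)]),
    Rule("Escalate ransomware", "title", "contains", "ransomware",
         [("set_severity", "5"), ("add_tag", "ransomware"),
          ("merge_to_case", "CASE-0001")],
         mutator="lowercase"),
]


def build_events() -> List[Event]:
    return [
        Event("E1", "Ransomware indicator on host-7", "10.0.1.20", 3),
        Event("E2", "Port scan from authorized scanner", "10.0.0.5", 2),
        Event("E3", "Suspicious login", "10.0.1.21", 2),
    ]


def demo():
    events = build_events()
    cases, audit = run_rules(RULES, events)
    return events, cases, audit


if __name__ == "__main__":
    for ev in demo()[0]:
        print(ev)
```

Rule order matters here: a dismissed event stops being evaluated by later rules, which is the usual way to keep low-value noise from being escalated or merged into a case by a broader rule further down the list.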