Lead Image © Kurhan, 123RF.com

Incident analysis with The Hive and Cortex

Searching for Clues

Article from ADMIN 66/2021
Deployed together, The Hive platform and Cortex automation tool optimize the workflow for your incident response team.

The number of IT security incidents in the enterprise is constantly increasing, and securing the internal infrastructure is a permanent challenge for many companies, whether the company's Security Operations Center (SOC) maintains its own team for incident analysis – a Computer Emergency Response Team (CERT) or Computer Security Incident Response Team (CSIRT) – or initially handles monitoring and incident response itself.

In addition to its already extensive core tasks (keeping a constant eye on the infrastructure, detecting attacks at an early stage, and containing the damage attackers could cause), a SOC has further responsibilities: incident management, authoring and maintaining situation reports, and information protection with classic risk management and business continuity, all of which contribute to risk prevention. As an analyst, you therefore depend on established reporting tools and techniques for the continuous analysis of data, so that you can reliably investigate the root cause and respond to the threat when damage occurs.

Threat intelligence analysis relies on a variety of tools for gathering information and sharing insights, and several of them let you process security incidents. Alongside GRR Rapid Response [1] and MISP [2], the list of free incident response platforms includes The Hive [3], which is developed further by analysts from SOCs and CERTs. Even with its basic feature set, it already offers a proven environment for automation-capable analysis of small and large volumes of data, above all thanks to its flexible extensibility. To connect to other platforms and exchange findings with other analysts, the developers rely on MISP, an established sharing platform.

Cortex [4] is another
