Chapter 7: Frequently Asked Questions about Alert Triage and Investigation
Q: How easy is it to set up integrations with solutions like Sentinel One or Microsoft Defender?
A: Setting up integrations with EDR solutions such as Sentinel One or Microsoft Defender is straightforward. All you need is a lightweight Linux box that’s connected to both our analysis tool and your EDR solution. This Linux box serves as the bridge between the two, ensuring that alerts trigger the integration. The process involves configuring the Linux box to collect alerts and direct relevant files to VMRay for analysis. The integration can be completed within hours or even less, and our GitHub repository provides step-by-step guidance on the setup. With the simplicity of generating an API key and following the setup instructions, you can swiftly establish a seamless integration that enhances your threat detection and response capabilities.
VMRay’s integration philosophy prioritizes simplicity and value addition. Our aim is not to add an additional layer of complexity, but rather to reduce the complexity that SOC teams often face. Our seamless integrations with major EDR/XDR vendors like VMware Carbon Black, SentinelOne, Microsoft Defender for Endpoints, and others, ensure that you’re leveraging your existing tools to their fullest potential. Similarly, our connectors for major SOAR vendors, SIEM solutions, and Threat Intelligence Providers are designed to enhance your capabilities while streamlining your operations. The goal is to empower SOC teams with unified, actionable insights, without overwhelming them with additional complexity.
It’s worth noting that these integrations are available for VMRay FinalVerdict and VMRay TotalInsight users, reinforcing our commitment to simplifying your security operations and maximizing the value you get from your existing tools and systems.
Q: Do you support the deployment of integrations? Do you offer any services to make it easier for us?
A: Absolutely, we understand the importance of seamless integration without adding complexity. VMRay provides a comprehensive suite of professional services to simplify and enhance your experience. Our commitment goes beyond exceptional products; we offer a range of high-quality services to ensure smooth onboarding, efficient configuration, and integrations.
X-press Onboarding: Our express onboarding service ensures swift deployment, guided configuration, and expert assistance.
Automation Integration Deployment: Seamlessly integrate our solutions with your existing tools to fortify your cybersecurity infrastructure and enhance automation.
Bespoke Training: Empower your team with tailored training options, from video recordings to in-person sessions, to maximize the value of our offerings.
Annual Support Package: Our commitment extends beyond implementation. Benefit from annual service reviews, quarterly configuration tuning, a customer web portal, and 24/7 coverage, ensuring ongoing success.
At VMRay, our focus is on breaking down skills barriers, ensuring your success, and simplifying the process of integrating our solutions into your security stack. We’re here to make your journey smoother in the dynamic cybersecurity landscape.
Q: Can VMRay be used to automatically triage and enrich alerts for ServiceNow?
A: Sure. While we don’t have an out-of-the-box integration listed on the ServiceNow marketplace, VMRay offers an open API that allows for customized integrations, including with ServiceNow.
Customers have successfully created their own integrations to streamline the process of automatically triaging and enriching alerts. Whether it’s ServiceNow, Jira, or other ticketing systems, our open API enables you to tailor the integration to your specific needs. Our support team is ready to assist you in setting up and implementing these customized integrations.
