Active Response - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Product
Cortex XPANSE
Version
2
Creation date
2024-03-28
Last date published
2024-05-13
Category
User Guide
Solution
Cloud
Abstract

Automate ASM alert investigation and remediation with the Cortex Xpanse Active Response add-on module.

Active Response is an add-on module for Cortex Xpanse Expander that provides built-in automation and playbooks to augment alert investigation and where applicable, fully remediate risks automatically. Each time Xpanse creates a new alert, Active Response runs a predefined playbook (which is a workflow that fully or partially automates the response to an alert.) The playbook execution changes dynamically based on the details of the alert (such as the type of service detected), integrations that have been configured (such as AWS or ServiceNow), and whether or not you have defined remediation path rules (which tell the playbook how to respond to specific alerts). For alerts that don't have remediation path rules, the playbook will prompt you for input at key points during the workflow, enabling you to make remediation decisions while still getting the benefits of an automated workflow.

Active Response enables you to proactively address your attack surface risks, which will in turn reduce the frequency and severity of security incidents. Additional benefits include the following:

  • Automatically connects to all your security and IT tools to gather applicable context.

  • Uses machine learning to analyze collected data to surface key insights to analysts.

  • Includes built-in remediation playbooks to eliminate critical attack surface risks, such as exposed Remote Desktop Protocol (RDP) servers and insecure OpenSSH.

  • Places security teams in control of how they want to address various types of risks by granting granular controls for choosing a remediation path.

  • Validates that remediation was successful by rescanning assets.

  • Ensures your security team is in control by auditing every action taken and rolling up investigation details into useful dashboards and reports.