Configure ACD Integrations
In Automated Collective Defense (ACD), you can configure integrations such as Splunk Enterprise, IBM QRadar, Mimecast, ServiceNow ITSM, and more, to handle the detection and actioning of indicators. You can configure automation rules to automate the process of handling these indicators, which reduces the overall time and effort that you spend manually handling them.
Integrations in ACD are divided into two types:
| Detect: Retrieve data from Integrations using Webhooks | Action: Configure Actions for Integrations |
|---|---|
| Integrations used for the detection or ingestion of indicators are available in Detect. The supported detect integrations include Amazon GuardDuty, IBM QRadar, Microsoft Sentinel, and Splunk Enterprise. In this category, you use webhooks to retrieve data from these integrations. The data is ingested into ACD and can be accessed in Intel Repository > My Collection. For more information, see Configure Detect Integrations. | Integrations used for actioning on intel received from the network are available in Action. You can use any app from the Cyware Orchestrate App Store for actioning. In this category, you must first establish a connection with the integration by providing authentication details. Then create a playbook with the actions you want to run, and execute the playbook to take action on indicators. For more information, see Configure Action Integrations. |