Intel Operations (Cyware Orchestrate)
Note
This feature is available in Collaborate v3.8.8.1 onwards.
With Intel Operations (Cyware Orchestrate ), you can centralize threat intelligence from multiple sources and automate the response to security threats and vulnerabilities. helps operationalize threat intelligence by automating collection, enrichment, analysis, and response across your security operations. You can access Intel Operations from the Main Menu.
Note
To use this feature, it must be enabled from the Analyst Portal. For more information, contact your Collaborate administrator.
How does Cyware Orchestrate help you operationalize threat intelligence?
Cyware Orchestrate brings automation and orchestration capabilities to your threat intelligence operations, helping your team respond faster and more efficiently to security incidents. With Orchestrate, you can create actionable playbooks, streamlining your security processes.
Orchestrate supports the following key capabilities:
Playbooks: Automate and orchestrate security operation workflows with a manual or fully automated sequence of actions.
Labels: Add labels to events and playbooks to automatically trigger a playbook when the event occurs.
Run Logs: Review playbook execution details to analyze nodes and troubleshoot errors.
Apps: Connect with various security tools and data sources using prebuilt integrations to enrich your workflows.
Trigger Events: Create trigger events and run playbooks by assigning the same label to both the event and the playbook.
Configure Triggers: Configure triggers to automatically run a playbook when an event occurs in Orchestrate or on any external platform.
Webhooks: Use token-based URLs to securely send or receive data from external systems, enabling real-time event-driven automation.
Cyware Agent: Install Cyware Agent to enable organizations with on-premise applications to access Orchestrate features hosted on the cloud. For example, if Orchestrate is cloud-hosted and your SIEM application is on-premise, you can use Cyware Agent in a playbook to execute actions on the SIEM.
Note
Cyware Agent is available in Collaborate v3.8.9.1 (EA) onwards.
Usage: Monitor your monthly action executions, view usage trends by playbooks or actions, and manage plan limits and tenant details.
Note
Usage is available in Collaborate v3.8.9.1 (EA) onwards.
For more information, contact Cyware support.