Coordinating technical and decision-making resources becomes complicated if a cybersecurity incident is not recorded promptly and correctly. Without centralized data, valuable time is wasted on communication and wrong decisions can follow. Every minute an operator spends registering a cybersecurity incident is a minute not spent analyzing the cyber attack. In the post-analysis phase, information scattered across an email chain does not allow weaknesses to be identified with precision.
Ecaldima Cybersecurity Engine processes alert messages received by E-mail, Syslog or API. Within seconds the message is registered as an incident and all the automatic actions programmed for that type of case begin:
- Notice by E-mail
- Assignment to the specialized group
- Execution of scripts
- Calls to Web Services
Operators in the cybersecurity operations center can act immediately, with exact and detailed information about the cyberattack distributed across the different fields of the incident and classified according to MITRE (mitre.org).
Through its integration with Ecaldima Ticket Management, this solution increases productivity for this type of incident thanks to:
- The Dashboard, where the incidents within the operator's scope appear together with their respective priority levels.
- Ability to modify the priority of an incident when the SLA threshold is reached.
- Real-time SLA compliance statuses.
- Indicators that allow decisions to be made regarding the level of priority that should be applied to a specific incident.
- A quick search based on title, description and actors and an advanced search to refine the results and search the entire history of the incidents.
- The KPIs (Key Performance Indicators) available in Ecaldima Ticket Management, which make it possible to measure management times and the volume of incidents from various angles of analysis. Reports show trends by day, week, month, or year.
- Ready to use.
Ecaldima Cybersecurity Engine transforms Syslog or E-mail messages from a SIEM, DarkTrace and Arbor into cybersecurity incidents. For full integration into the business ecosystem, Ecaldima Cybersecurity Engine uses PowerShell script execution actions, Web Service calls, and SQL queries.
Thanks to its integration with Ecaldima Ticket Management, the platform comes pre-configured with the most common rules and customizable email templates. Just upload the logo, create the users, and you're all set to go.