Ecaldima Cybersecurity Engine

Optimal Solution for Automatic Creation of Cybersecurity Incidents


Detected Problems

Coordinating technical and decision-making resources is difficult if the cybersecurity incident is not recorded promptly and correctly. Without centralized data, valuable time is wasted on communication and wrong decisions can follow. All the time an operator spends registering a cybersecurity incident is time not spent analyzing the cyber attack. In the post-analysis phase, information scattered across an email chain does not allow weaknesses to be identified with precision.

Ecaldima focuses on improving

  • Reactivity

    Reduce the time between the detection of the cyber attack and the registration in the Ticketing system.

  • Communication

    Automatically report to the decision chain with all the data, without losing a single piece of information.

  • Mitigation

    Through the automatic assignment of an alert to the correct team and a complete view of all the information in one place.

  • Prevention

    With each piece of information recorded in a field with a name and a value, so weaknesses are easy to identify.


The Ecaldima Cybersecurity Engine Solution

  • The transformation of alerts into cybersecurity incidents in real time.

  • Automatic assignment to the right team.

  • The CAPEC classification to unify the language.

  • Integration with Ecaldima Ticket Management for the effective management of incidents.


More reactivity

Ecaldima Cybersecurity Engine processes alert messages received by E-mail, Syslog or API. In a matter of seconds the message is registered as an incident and all the automatic actions programmed for each type of case begin:

  • Notice by E-mail
  • Assignment to the specialized group
  • Execution of scripts
  • Calls to Web Services

The operators of the cybersecurity operations center can act immediately with exact and detailed information about the cyberattack, distributed across the different fields of the incident and classified according to MITRE CAPEC (mitre.org).


More productivity

With its integration into Ecaldima Ticket Management, this solution increases productivity in handling this type of incident thanks to:

  • The Dashboard, where the incidents within the user's scope appear with their respective priority level.
  • Ability to modify the priority of an incident when the SLA threshold is reached.
  • Real-time SLA compliance statuses.
  • Indicators that allow decisions to be made regarding the level of priority that should be applied to a specific incident.
  • A quick search based on title, description and actors, and an advanced search to refine the results and search the entire history of incidents.
  • The KPIs (Key Performance Indicators) available in Ecaldima Ticket Management, which measure management times and the volume of incidents from various angles of analysis. Reports show trends by day, week, month or year.
  • Ready to use.

Ecaldima Cybersecurity Engine Features

Integration

Ecaldima Cybersecurity Engine transforms Syslog or E-mail messages from SIEM, DarkTrace and Arbor into cybersecurity incidents. For full integration into the business ecosystem, Ecaldima Cybersecurity Engine uses PowerShell script execution actions, Web Service calls and SQL queries.
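The pipeline described here and under "More reactivity" (Syslog alert in, structured incident out, CAPEC tag, team assignment, queued actions, priority adjustment when the SLA threshold is reached) is easy to picture with a small model of it. The block below is example code written for this page; it is not Ecaldima's implementation and makes no claim about how the product parses messages. Everything in it is assumed for illustration: the syslog lines are constructed, the rule table mapping alert categories to CAPEC ids and teams is made up (the CAPEC ids themselves, CAPEC-66, CAPEC-112 and CAPEC-98, are real catalogue entries), as are the severity-to-priority and SLA tables, the action names and the 15-minute deduplication window. It goes one step beyond the text by merging repeated alerts for the same source, destination and category into one incident instead of opening a duplicate ticket.

```python
"""Toy alert-to-incident engine (example code, not Ecaldima's): syslog line ->
incident with CAPEC tag, team, priority/SLA deadline and a queue of actions."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample alerts: RFC 3164 style header followed by a key=value payload.
SAMPLE_ALERTS = [
    '<134>Mar 12 10:02:11 siem01 waf: category=sqli severity=high src=203.0.113.7 dst=10.0.0.5 msg="UNION SELECT in query string"',
    '<134>Mar 12 10:02:40 siem01 waf: category=sqli severity=high src=203.0.113.7 dst=10.0.0.5 msg="UNION SELECT in query string"',
    '<132>Mar 12 10:05:03 ids02 ids: category=bruteforce severity=medium src=198.51.100.9 dst=10.0.0.22 msg="47 failed SSH logins"',
    '<133>Mar 12 10:07:15 mailgw mailgw: category=phishing severity=low src=192.0.2.44 dst=10.0.0.30 msg="credential-harvesting link"',
]

SYSLOG_RE = re.compile(r"^<\d+>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<app>[\w.-]+): (?P<payload>.*)$")
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Assumed rule table: alert category -> (CAPEC id, owning team). The CAPEC ids are
# real entries from capec.mitre.org; the category mapping and team names are made up.
RULES = {"sqli": ("CAPEC-66", "appsec"),
         "bruteforce": ("CAPEC-112", "identity"),
         "phishing": ("CAPEC-98", "mail-security")}
PRIORITY = {"high": 1, "medium": 2, "low": 3}   # severity -> priority (assumed)
SLA_HOURS = {1: 1, 2: 4, 3: 24}                 # priority -> response SLA (assumed)
DEDUP_WINDOW = timedelta(minutes=15)            # repeats inside this window merge


def parse_syslog(line: str) -> dict:
    """Split one syslog line into header fields plus its key=value payload."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable alert: {line!r}")
    fields = {"host": m.group("host"), "app": m.group("app")}
    # RFC 3164 timestamps omit the year; a fixed one is assumed in this example.
    fields["ts"] = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=2024)
    for key, raw, quoted in KV_RE.findall(m.group("payload")):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields


@dataclass
class Incident:
    ident: int
    category: str
    capec: str
    team: str
    priority: int
    opened: datetime
    sla_deadline: datetime
    fields: dict
    count: int = 1                               # alerts merged into this incident
    actions: list = field(default_factory=list)  # queued automatic actions


class IncidentEngine:
    def __init__(self) -> None:
        self.incidents: list = []
        self._open: dict = {}   # (category, src, dst) -> most recent incident

    def ingest(self, line: str) -> Incident:
        """Register an alert as a new incident, or attach it to a recent duplicate."""
        f = parse_syslog(line)
        category = f.get("category", "unknown")
        key = (category, f.get("src", ""), f.get("dst", ""))
        existing = self._open.get(key)
        if existing and f["ts"] - existing.opened <= DEDUP_WINDOW:
            existing.count += 1
            return existing
        capec, team = RULES.get(category, ("unclassified", "soc-triage"))
        prio = PRIORITY.get(f.get("severity", "low"), 3)
        inc = Incident(ident=len(self.incidents) + 1, category=category, capec=capec,
                       team=team, priority=prio, opened=f["ts"],
                       sla_deadline=f["ts"] + timedelta(hours=SLA_HOURS[prio]), fields=f)
        # Constructed action queue: every incident notifies its team; top-priority
        # ones also queue a containment script and an enrichment web-service call.
        inc.actions = [f"email:{team}"]
        if prio == 1:
            inc.actions += ["script:contain_source.ps1", "webservice:enrich"]
        self.incidents.append(inc)
        self._open[key] = inc
        return inc

    def escalate_overdue(self, now: datetime) -> list:
        """Raise the priority of incidents past their SLA deadline; return their ids."""
        escalated = []
        for inc in self.incidents:
            if inc.priority > 1 and now > inc.sla_deadline:
                inc.priority -= 1
                escalated.append(inc.ident)
        return escalated


def run_demo(now_iso: str = "2024-03-12T14:30:00"):
    """Feed the constructed alerts through the engine, then run an SLA sweep at now_iso."""
    engine = IncidentEngine()
    for line in SAMPLE_ALERTS:
        engine.ingest(line)
    return engine, engine.escalate_overdue(datetime.fromisoformat(now_iso))


if __name__ == "__main__":
    engine, escalated = run_demo()
    for inc in engine.incidents:
        print(f"#{inc.ident} {inc.category:<10} {inc.capec:<10} team={inc.team:<13} "
              f"prio={inc.priority} alerts={inc.count} actions={inc.actions}")
    print("escalated after SLA breach:", escalated)
```

Running it opens three incidents from four alerts (the two identical WAF alerts, 29 seconds apart, merge into one ticket with a count of 2), and the sweep at 14:30 escalates only the brute-force incident, whose 4-hour SLA expired at 14:05. Keeping every extracted value in a named field, as the page's "Prevention" point asks for, is what makes the later dashboard, search and KPI views possible; a free-text email body would not support any of them.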

Ready to use

Thanks to its integration with Ecaldima Ticket Management, the platform comes parameterized with the most common rules and customizable email templates. Just upload the logo, create the users, and you’re all set to go.