
Enhancing Incident Response with 1-Click Entity Isolation

We are excited to announce a significant enhancement to our Entity Enrichment integration with CrowdStrike Falcon: the 1-Click Response action. This new feature empowers SOC analysts to isolate a host directly from Corelight Investigator, leveraging enriched context and point-in-time evidence to make informed, rapid decisions during security incidents. This new integration saves time, reduces the risk of human error, and allows for faster response to threats, ultimately enhancing the security of your network.

Simplifying Entity Isolation with 1-Click Response

The 1-Click Response action makes the SOC analyst workflow significantly more efficient and effective. When a detection is triggered, Investigator enriches it with detailed host information from CrowdStrike Falcon, including crucial entity data such as MAC addresses, hostnames, and operating systems. With this comprehensive view and point-in-time evidence, analysts can swiftly assess the severity of the threat. If immediate action is required, they can isolate the host directly from the Investigator interface with a single click, leveraging CrowdStrike Falcon's Network Contain capability. This seamless process eliminates the need to switch platforms, enabling rapid and decisive threat mitigation and saving valuable time.

Removing the isolation is just as straightforward as initiating it. If further investigation determines that the isolated host no longer poses a threat, analysts can quickly remove the host from isolation directly within the Investigator interface. This gives SOC analysts complete control over the isolation process.

Stay ahead of cyber threats and strengthen your incident response with the powerful combination of Investigator and CrowdStrike Falcon. Configure your integration today and experience the robust security benefits of 1-Click Response. This feature empowers you to isolate hosts and release them from isolation swiftly, enhancing your network's security.
