04-12-2023 06:30 AM
Our organisation is rolling out a Proof of Concept for SecureX. As part of this, we want to integrate Microsoft Defender, Azure Sentinel and our ticket management system HaloITSM. All of the above utilise REST APIs.
However, I cannot see an option within SecureX for these as out-of-the-box integrations. Is it possible at all to add anything non-standard as an integration and, if so, how?
Thanks in advance for any assistance; I could not find any documentation about this.
04-12-2023 06:43 AM
04-12-2023 08:16 AM
How to implement a custom SecureX integration is dependent on what you want the integration to achieve.
- If you want Defender and Sentinel to forward incidents into SecureX for handling, you will need those technologies to make calls to the SecureX API, or middleware that does so.
- If you want to be able to query those tools for enrichment details (sightings etc.) of items you are investigating in SecureX, you will need a SecureX relay that queries them.
- If you want to take response actions using those technologies, you can also use the relay if you made one for the above reason, or you can create Orchestration workflows to enact those responses.
- If you want Incidents in SecureX to be forwarded to Halo, you can create a workflow to do so (or modify the existing ServiceNow workflows that do similar).
These videos will give you more information:
https://www.youtube.com/watch?v=--k3PiT-d6g&list=PLmuBTVjNfV0dlZ_DYgNiZ7SBlWVB0ae33&index=2
https://www.ciscolive.com/on-demand/on-demand-library.html?search=securex#/session/1675722365732001tevZ
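As an added example (not part of the reply above and not Cisco or Microsoft code), the core of the middleware from the first bullet could look like this: it maps a Sentinel incident to an incident body for SecureX and skips re-deliveries. The input shape, the output field names and vocabularies, and the placeholder URL are assumptions to verify against both products' API documentation.

```python
import json
from datetime import datetime, timezone

# Assumed mappings from Sentinel values to the SecureX incident vocabulary.
SEVERITY = {"High": "High", "Medium": "Medium", "Low": "Low", "Informational": "Info"}
STATUS = {"New": "New", "Active": "Open", "Closed": "Closed"}

# Constructed sample input; the field names are an assumed Sentinel incident shape.
SAMPLE = {"properties": {
    "incidentNumber": 42, "title": "Suspicious sign-in",
    "description": "Constructed sample incident", "severity": "Informational",
    "status": "Active", "createdTimeUtc": "2023-04-12T06:30:00Z"}}

def to_ctim_incident(sentinel: dict) -> dict:
    """Map one Sentinel incident to an incident body (assumed field names)."""
    props = sentinel["properties"]
    severity = SEVERITY.get(props.get("severity"))
    status = STATUS.get(props.get("status"))
    if severity is None or status is None:
        # Fail closed: an unknown value is surfaced, not silently downgraded.
        raise ValueError("unmapped severity or status")
    opened = datetime.fromisoformat(props["createdTimeUtc"].replace("Z", "+00:00"))
    return {
        "type": "incident",
        "title": str(props["title"])[:1024],            # cap untrusted alert text
        "description": str(props.get("description", ""))[:5000],
        "severity": severity,
        "status": status,
        "confidence": "Medium",
        "incident_time": {"opened": opened.astimezone(timezone.utc).isoformat()},
        "source": "Azure Sentinel",
        # Stable external id so a re-delivered incident can be recognised.
        "external_ids": [f"sentinel-incident-{props['incidentNumber']}"],
    }

def plan_forwarding(incidents, already_sent, token, incident_url):
    """Return the HTTP requests to send, skipping incidents already forwarded."""
    planned = []
    for incident in incidents:
        body = to_ctim_incident(incident)
        key = body["external_ids"][0]
        if key in already_sent:
            continue
        already_sent.add(key)
        planned.append({
            "method": "POST", "url": incident_url,  # URL supplied by the caller
            "headers": {"Authorization": f"Bearer {token}",
                        "Content-Type": "application/json"},
            "body": json.dumps(body)})
    return planned
```

The function only plans requests, so the mapping can be checked offline before the middleware is given a real token; keep that token out of any log of the planned requests.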