United States | Information Security | Volume 11 Issue 11, November 2022 | Pages: 1545 - 1548
SOAR Automation: Palo Alto Cortex XSOAR Playbooks for MISP Threat Intel Enrichment and TheHive Project Integration
Abstract: This paper explores the integration of Palo Alto Cortex XSOAR playbooks with MISP (Malware Information Sharing Platform) for threat intelligence enrichment and with TheHive Project for case management. The integration automates security operations by enriching threat indicators and supporting effective incident response. The paper also discusses automating Tanium-driven endpoint isolation and mapping the enriched indicators to the MITRE ATT&CK framework so that threats can be prioritized. Together, these integrations let security teams improve operational efficiency through automation and intelligence sharing, enhancing the detection, response, and remediation of security incidents in real time. Through a detailed analysis, we explore how these automated playbooks can produce a more efficient and coordinated response to cyber threats.
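The playbook pipeline the abstract describes (MISP lookup, ATT&CK mapping, TheHive alert, isolation decision), as an added illustration that is not the paper's playbook and not XSOAR, MISP, TheHive or Tanium code. The MISP response and TheHive alert shapes follow the public APIs as this example's author understands them, the isolation policy (ISOLATE_ON) and the MISP-to-TheHive type map are assumptions, and the sample MISP data is constructed so the code runs offline; the Tanium step is reduced to the list of hosts that would be isolated.

```python
"""Playbook logic: MISP enrichment -> ATT&CK mapping -> TheHive alert -> isolation list.
Added example; API shapes and policy are assumptions, sample data is constructed."""
import re

# Constructed sample of a MISP POST /attributes/restSearch response for two
# indicators. Tag names follow MISP's galaxy convention for ATT&CK techniques.
MISP_RESPONSE = {
    "response": {
        "Attribute": [
            {
                "id": "101", "type": "ip-dst", "value": "203.0.113.45", "to_ids": True,
                "Tag": [
                    {"name": "tlp:amber"},
                    {"name": 'misp-galaxy:mitre-attack-pattern="Command and Scripting Interpreter - T1059"'},
                    {"name": 'misp-galaxy:mitre-attack-pattern="Ingress Tool Transfer - T1105"'},
                ],
            },
            {
                "id": "102", "type": "domain", "value": "example.net", "to_ids": False,
                "Tag": [{"name": "tlp:white"}],
            },
        ]
    }
}

# Policy (assumed): isolate only when the indicator is detection-grade (to_ids)
# AND maps to one of these execution / lateral-movement / impact techniques.
ISOLATE_ON = {"T1059", "T1105", "T1021", "T1486"}

ATTACK_TAG = re.compile(
    r'misp-galaxy:mitre-attack-pattern="(?P<name>.+?) - (?P<id>T\d{4}(?:\.\d{3})?)"'
)
TLP = {"tlp:white": 0, "tlp:clear": 0, "tlp:green": 1, "tlp:amber": 2,
       "tlp:amber+strict": 2, "tlp:red": 3}
# MISP attribute type -> TheHive observable dataType (subset; assumed mapping).
DATATYPE = {"ip-src": "ip", "ip-dst": "ip", "domain": "domain", "hostname": "fqdn",
            "url": "url", "md5": "hash", "sha1": "hash", "sha256": "hash"}


def attack_techniques(attribute):
    """Extract ATT&CK technique IDs (including sub-techniques) from MISP galaxy tags."""
    ids = []
    for tag in attribute.get("Tag", []):
        m = ATTACK_TAG.fullmatch(tag["name"])
        if m:
            ids.append(m.group("id"))
    return ids


def tlp_of(attribute):
    """Highest TLP level on the attribute; TheHive uses 0 (white/clear) .. 3 (red)."""
    return max((TLP[t["name"]] for t in attribute.get("Tag", []) if t["name"] in TLP),
               default=0)


def enrich(observed, misp):
    """observed: {indicator_value: host_it_was_seen_on}. One hit per MISP match."""
    by_value = {a["value"]: a for a in misp["response"]["Attribute"]}
    hits = []
    for value, host in observed.items():
        attr = by_value.get(value)
        if attr is None:
            continue  # unknown to MISP: no enrichment, no escalation
        techniques = attack_techniques(attr)
        to_ids = bool(attr.get("to_ids"))
        hits.append({
            "value": value, "type": attr["type"], "host": host, "to_ids": to_ids,
            "tlp": tlp_of(attr), "techniques": techniques,
            # The parent technique decides: T1059.001 counts as T1059.
            "isolate": to_ids and any(t.split(".")[0] in ISOLATE_ON for t in techniques),
        })
    return hits


def severity(hit):
    """TheHive severity 1 (low) .. 4 (critical), driven by the ATT&CK mapping."""
    if hit["isolate"]:
        return 4
    if hit["to_ids"] and hit["techniques"]:
        return 3
    if hit["to_ids"] or hit["techniques"]:
        return 2
    return 1


def thehive_alert(hits, source_ref):
    """Build the JSON body for TheHive's alert endpoint; severity and TLP = worst hit."""
    tags = sorted({"attack:" + t for h in hits for t in h["techniques"]} | {"misp"})
    return {
        "type": "misp-enrichment", "source": "xsoar", "sourceRef": source_ref,
        "title": f"{len(hits)} MISP-known indicator(s) observed",
        "description": "\n".join(
            f"{h['value']} on {h['host']}: {h['techniques'] or 'no ATT&CK mapping'}" for h in hits),
        "severity": max((severity(h) for h in hits), default=1),
        "tlp": max((h["tlp"] for h in hits), default=0),
        "tags": tags,
        "artifacts": [{"dataType": DATATYPE.get(h["type"], "other"), "data": h["value"],
                       "tags": ["attack:" + t for t in h["techniques"]]} for h in hits],
    }


def isolation_targets(hits):
    """Hosts the Tanium isolation step would act on (deduplicated, sorted)."""
    return sorted({h["host"] for h in hits if h["isolate"]})


if __name__ == "__main__":
    observed = {"203.0.113.45": "wks-042", "example.net": "wks-007", "198.51.100.9": "wks-009"}
    hits = enrich(observed, MISP_RESPONSE)
    print(thehive_alert(hits, "xsoar-inc-1"))
    print("isolate:", isolation_targets(hits))
```

The gating decision is the point worth copying: isolation keys on `to_ids` (MISP's detection-grade flag) combined with the parent ATT&CK technique, so a low-confidence or informational attribute never triggers a host-level response on its own, while the TheHive alert still records every match and its TLP for the analyst.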
Keywords: SOAR, Cortex XSOAR, MISP, TheHive, Tanium, endpoint isolation, MITRE ATT&CK, automation, threat intelligence enrichment, security operations
How to Cite: Sandhya Guduru, "SOAR Automation: Palo Alto Cortex XSOAR Playbooks for MISP Threat Intel Enrichment and TheHive Project Integration", Volume 11 Issue 11, November 2022, International Journal of Science and Research (IJSR), Pages: 1545-1548, https://www.ijsr.net/getabstract.php?paperid=SR22113123451, DOI: https://dx.doi.org/10.21275/SR22113123451