Silent Push Enterprise Edition enhances security operations by enriching indicators with extensive context, enabling automated, proactive threat detection and response at scale across multiple SOAR platforms. Integrations with Cortex XSOAR, Splunk SOAR, Torq, Swimlane, Tines, and ServiceNow streamline workflows, reduce manual triage, and improve detection and mitigation of emerging threats. #SilentPush #IOFAFeed #CortexXSOAR #SplunkSOAR #Torq #Swimlane #Tines #ServiceNow
Keypoints
- Silent Push enriches domains, IPs, and ASNs with over 200 datapoints including DNS history, WHOIS, certificate data, and infrastructure changes.
- The IOFA™ Feed enables predictive threat intelligence by highlighting Indicators of Future Attack and assisting in proactive defense.
- Integrations with SOAR platforms like Cortex XSOAR and Splunk SOAR automate alert triage, risk scoring, and response actions using enriched data.
- Torq and Tines integrations enable no-code automation of threat detection workflows, embedding Silent Push data for faster response.
- Swimlane’s low-code hyperautomation environment uses Silent Push data to enrich incident cases, enabling early detection and escalation.
- The upcoming ServiceNow integration facilitates automatic ticket generation and enrichment using IOFA™ feed data for rapid threat mitigation.
- These integrations reduce manual workload, shorten detection and response times, and enable context-driven security decisions across platforms.
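The triage loop the keypoints describe (alert arrives, indicator is enriched, a risk score and context drive an escalate/suppress/block decision) can be sketched as a small playbook step. The following is an added example and is not Silent Push code, nor the schema of its API or IOFA™ feed; the JSON record shape, the field names, the score thresholds, and the sample indicators (reserved `.example` and TEST-NET addresses) are all constructed assumptions for illustration.

```python
import json
from datetime import date

# Assumed playbook thresholds (not Silent Push's scoring model).
BLOCK_SCORE = 80        # score at or above which the playbook blocks outright
ESCALATE_SCORE = 50     # score at or above which an analyst is paged
YOUNG_DAYS = 30         # "recently registered / recently issued" window
NS_CHANGE_LIMIT = 3     # nameserver churn in 90 days considered suspicious

# Fixed reference date so the example is deterministic (constructed).
TODAY = date(2024, 5, 10)

# Constructed enrichment records in an assumed JSON shape. The real feed
# schema is not reproduced here; these fields only mirror the kinds of
# context the page lists (DNS history, certificate data, hosting clusters).
SAMPLE_ENRICHMENTS = json.dumps([
    {"indicator": "login-secure-update.example", "type": "domain",
     "risk_score": 91, "first_seen": "2024-05-02",
     "nameserver_changes_90d": 4, "cert_issued": "2024-05-03",
     "iofa_flagged": True, "malicious_hosting_cluster": True},
    {"indicator": "203.0.113.45", "type": "ip",
     "risk_score": 62, "first_seen": "2023-11-20",
     "nameserver_changes_90d": 0, "cert_issued": None,
     "iofa_flagged": False, "malicious_hosting_cluster": True},
    {"indicator": "docs.example.org", "type": "domain",
     "risk_score": 12, "first_seen": "2015-01-08",
     "nameserver_changes_90d": 0, "cert_issued": "2024-01-15",
     "iofa_flagged": False, "malicious_hosting_cluster": False},
])


def load_enrichments(raw):
    """Parse the assumed JSON payload and convert ISO dates to date objects."""
    records = json.loads(raw)
    for r in records:
        r["first_seen"] = date.fromisoformat(r["first_seen"])
        r["cert_issued"] = (date.fromisoformat(r["cert_issued"])
                            if r["cert_issued"] else None)
    return records


def triage(record, today):
    """Decide block / escalate / suppress for one enriched indicator.

    Returns the action plus the human-readable reasons so the SOAR case
    (or ServiceNow ticket) carries the context an analyst needs.
    """
    reasons = []
    score = record["risk_score"]
    age_days = (today - record["first_seen"]).days

    if record["iofa_flagged"]:
        reasons.append("present in IOFA feed")
    if record["malicious_hosting_cluster"]:
        reasons.append("hosted in known-malicious cluster")
    if age_days < YOUNG_DAYS:
        reasons.append(f"domain first seen {age_days} days ago")
    if record["nameserver_changes_90d"] >= NS_CHANGE_LIMIT:
        reasons.append(f"nameserver changed {record['nameserver_changes_90d']} times in 90 days")
    if record["cert_issued"] and (today - record["cert_issued"]).days < YOUNG_DAYS:
        reasons.append(f"certificate issued {(today - record['cert_issued']).days} days ago")

    # High score or a predictive (IOFA) hit: block without waiting for a human.
    # Mid score, or two or more corroborating signals: page an analyst.
    # Otherwise: suppress the alert, keeping the reasons for audit.
    if score >= BLOCK_SCORE or record["iofa_flagged"]:
        action = "block"
    elif score >= ESCALATE_SCORE or len(reasons) >= 2:
        action = "escalate"
    else:
        action = "suppress"
    return {"indicator": record["indicator"], "action": action,
            "risk_score": score, "reasons": reasons}


def run_playbook(raw, today):
    """Map every indicator in the payload to its playbook action."""
    return {r["indicator"]: triage(r, today)["action"]
            for r in load_enrichments(raw)}


if __name__ == "__main__":
    for rec in load_enrichments(SAMPLE_ENRICHMENTS):
        print(triage(rec, TODAY))
```

In a real deployment the `SAMPLE_ENRICHMENTS` string would be replaced by the platform's enrichment response and the thresholds tuned to the organisation's tolerance for automated blocking; the point of keeping `reasons` alongside `action` is that every automated decision remains explainable when it lands in a case or ticket.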
MITRE Techniques
- [T1071] Application Layer Protocol – Silent Push enriches indicators by analyzing DNS, WHOIS, and certificate data transmitted via web APIs to detect attacker infrastructure (“…enriched with DNS history, certificate associations, infrastructure movement…”).
- [T1086] PowerShell – Integration with SOAR platforms automates playbooks that execute commands for enrichment and response without manual intervention (“…XSOAR playbook automation capabilities… escalate, suppress, or initiate blocking – all without manual intervention.”).
- [T1588.002] Obtain Infrastructure – Infrastructure changes and malicious hosting clusters are identified using Silent Push’s enriched datasets to track attacker operations (“…Malicious hosting clusters… Infrastructure changes over time…”).
- [T1598.001] Phishing – Detection of phishing domains enriched with historical data and risk scores facilitates automated triage and blocking (“…Your SOC receives a phishing or brand impersonation alert… domain enriches… risk score… automated response…”).
Indicators of Compromise
- [Domains] Enriched with DNS history and certificate data – example: suspicious phishing domain detected and scored in Splunk SOAR alerts.
- [IP Addresses] Correlated with malicious hosting clusters and infrastructure changes – example: IPs flagged via Cortex XSOAR and IOFA™ feeds for automated blocking.
- [File Names] None specifically mentioned; the enriched datasets referenced in Torq and Tines workflows include scanned endpoint URLs and screenshots.
- [Certificates] WHOIS and certificate data are analyzed for infrastructure changes and risk scoring – example: certificate associations used in Silent Push enrichment.