Trellix (formerly McAfee) Endpoint Security and Smart SOAR combine to produce a unified threat management and incident response system. Security teams may be looking for ways to integrate their tools without consolidating within a single vendor. For teams in this position, Smart SOAR is a perfect fit. With this integration, users can combine their endpoint data with network, identity, email and other security tools into a cohesive system that works together to detect and mitigate threats.
In this blog post, we’ll demonstrate how you can use Trellix Endpoint Security for several workflows, such as compliance audit and reporting, threat intelligence and policy enforcement, and proactive vulnerability scanning.
Combine the “List Repository” command with the “Check Repository Compliance” command and further chain it with the “List Running Server Task” command. This integrated workflow enables the listing of all repositories, checking their compliance status, and then retrieving a list of running server tasks to validate that compliance scans are actively running and up-to-date.
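The compliance-audit chain above, written out as a small playbook step. This is an added example, not Smart SOAR's or Trellix's own code or API: the three commands are simulated with constructed data (hypothetical field names such as `compliant`, `last_checked` and `status`), and the decision logic shows the part the chain exists for, namely flagging repositories that are non-compliant, or whose compliance data is stale while no scan task is running to refresh it.

```python
"""Hypothetical playbook step for the 'List Repository' -> 'Check Repository
Compliance' -> 'List Running Server Task' chain. All data below is constructed;
the three command functions stand in for the real integration calls."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed "current time" so the example is deterministic offline.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)

# Constructed sample output of the three commands (hypothetical field names).
REPOSITORIES = [
    {"name": "Master Repository", "type": "master"},
    {"name": "EU-Distributed-01", "type": "distributed"},
    {"name": "APAC-Distributed-02", "type": "distributed"},
]
COMPLIANCE = {
    "Master Repository":   {"compliant": True,  "last_checked": NOW - timedelta(hours=2)},
    "EU-Distributed-01":   {"compliant": False, "last_checked": NOW - timedelta(hours=3)},
    "APAC-Distributed-02": {"compliant": True,  "last_checked": NOW - timedelta(days=3)},
}
RUNNING_TASKS = [
    {"name": "Repository Pull (EU-Distributed-01)", "status": "running"},
    {"name": "Compliance Scan: Master Repository", "status": "running"},
    {"name": "Compliance Scan: APAC-Distributed-02", "status": "completed"},
]


def list_repositories():
    """Simulates the 'List Repository' command."""
    return REPOSITORIES


def check_repository_compliance(name):
    """Simulates the 'Check Repository Compliance' command for one repository."""
    return COMPLIANCE[name]


def list_running_server_tasks():
    """Simulates the 'List Running Server Task' command."""
    return RUNNING_TASKS


@dataclass
class Finding:
    repository: str
    reason: str


def audit_repositories(now=NOW, max_age_hours=24):
    """Chain the three commands and return one Finding per repository that is
    either non-compliant, or compliant on paper but with compliance data older
    than max_age_hours and no compliance scan currently running to refresh it."""
    max_age = timedelta(hours=max_age_hours)
    # Only tasks that are actually running count; a completed scan proves nothing
    # about whether the stale data will be refreshed.
    active_scans = [
        t["name"] for t in list_running_server_tasks()
        if t["status"] == "running" and t["name"].startswith("Compliance Scan")
    ]
    findings = []
    for repo in list_repositories():
        name = repo["name"]
        status = check_repository_compliance(name)
        if not status["compliant"]:
            findings.append(Finding(name, "non-compliant"))
            continue
        stale = now - status["last_checked"] > max_age
        scan_active = any(name in task for task in active_scans)
        if stale and not scan_active:
            findings.append(Finding(name, "compliance data stale and no scan running"))
    return findings


if __name__ == "__main__":
    for f in audit_repositories():
        print(f"{f.repository}: {f.reason}")
```

Note that a task named "Repository Pull" is deliberately not treated as a compliance scan: matching on the task type rather than on any task mentioning the repository is what keeps the "scans are actively running" check honest.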
Chain the “Search Threat Events” command with the “Find System By Tag Name” command and the “Assign Policy To System” command. This integrated workflow allows for the search of threat events, identification of systems with a specific tag, and automatic assignment of a predefined security policy to the identified systems, based on the threat intelligence gathered.
Chain the “Find System by Group” command with the “Get Device Info” command and the “Scan Endpoint By IP” command. This workflow pulls a list of all endpoints in a specific group, gathers details on the device, and then initiates scans of each device. This enables proactive identification and remediation of potential vulnerabilities.
Smart SOAR and Trellix can be integrated to assist with incident response, compliance auditing, threat intelligence, and vulnerability scanning. By combining endpoint data from Trellix with the automation and orchestration capabilities of Smart SOAR, users can transform siloed tools into a unified ecosystem that works together to minimize the impact of individual security incidents.