+
=

Empowering Security Teams With Integrated Threat Intelligence

Watch 1-Minute Demo

Google SecOps, the leading SIEM and SOAR platform is now integrated with Team Cymru’s Scout as a Google-certified App.

SecOps is a cloud-native, integrated security platform that empowers security teams to identify threats and defend against sophisticated attacks. Through a new integration - jointly developed by Team Cymru and Google - SecOps is now enriched with IP, domain and Netflow intelligence provided by Team Cymru.

​The App works with SecOps SIEM and SecOps SOAR, and allows you to identify threats, make informed decisions and drive rapid automated response through enrichment from the world's largest collection of real-time telemetry and threat intelligence from Team Cymru.

Detect The Threat:

SIEM Integration: enrichment of IP addresses upon Ingestion.

  • ​Is the IP address Malicious or suspicious?
  • Tags are automatically applied to IP’s for easy identification
  • View external netflow and communications patterns to understand threat actors’ behavioral patterns and TTP’s

Inform the Response:

SOAR: Playbooks and Widgets are included with the integration for free.

  • Drive powerful automation to respond to threats automatically
  • Identify and resolve false-positives faster
  • Enables your team to scale and become more productive

How The App works with Google SecOps SIEM

The Google SecOps integration for Team Cymru Scout automatically enriches IP addresses with detailed information on IP and domain activity, as well as account usage insights, and Netflow communications, seamlessly ingesting this data into the SecOps environment.

Automatically enrich any IP address - upon ingestion - with details of IP and Domain along with IP communications data derived from Netflow sampling. In addition, user scheduled queries can pull any additional intelligence into SecOps dashboards to assist with security investigations.

Watch 1-Minute Demo

Automatically enrich any IP address - upon ingestion - with details of IP and Domain along with IP communications data derived from Netflow sampling. In addition, user scheduled queries can pull any additional intelligence into SecOps dashboards to assist with security investigations.

Watch 1-Minute Demo

Use Cases

Domain and IP Research

Leverage the world's largest data ocean to quickly and easily triage and investigate any IP address, or domain. Search a single IP or bulk research by querying up to 10 IP addresses at once. Empower SOC teams with context to accelerate IR and investigations.

Inform and Accelerate Investigations

Gather detailed views of IP address relationships, including communication patterns, open ports, passive DNS data, X509 certificates, fingerprints, and WHOIS information.

Respond To Threats and Neutralize Faster

  • Obtain critical information about IP addresses that appear in alerts or security incidents.
  • Accelerate the triage of alerts and streamline the management of security incidents

Enhance Your Security Operations With Real-Time IP And Domain Intelligence

SecOps customers benefit from real-time IP and domain intelligence and will accelerate incident response, enhance investigations, and reduce false positives by enriching SecOps with the world's largest threat intelligence data ocean.

  • Quickly identify and mitigate threats with real-time data
  • Gain deeper insights and context for thorough investigations
  • Improve accuracy and efficiency by minimizing false alerts

How The App Works With Google SecOps SOAR

The Google Secops integration for Team Cymru Scout also integrates with Secops SOAR. This integration automatically retrieves valuabe threat intelligence through API calls and drives and enables automated workflows and decision making. When threats or malicious activities are observed by Team Cymru, the SOAR capability in Secops takes action and can block an IP, file tickets or take other corrective or blocking actions.

Team Cymru's SecOps SOAR Playbooks are available in GitHub here.

Team Cymru’s Playbooks For Google SecOps:

Team Cymru’s Blocks For Google SecOps

In addition, Blocks are included with our integration. A block is a re-usable set of actions and conditions that can be used in multiple playbooks. This acts as a wrapper for performing sets of actions that are often performed in multiple playbooks.

Integration User Guides

Check out the Scout For Google SecOps SOAR User Guide HERE
Check out the Scout For Google SecOps SIEM User Guide HERE

Playbooks are easily imported into your own instance of SecOps

Step 1

Download the .zip file of the playbook that needs to be imported. This file would also contain all the blocks that are used in the playbook.

Step 2

Open the SecOps instance. From the sidebar, navigate to Response > Playbooks section.

Step 3

Click on the three dots icon at the top of the Playbooks, and then click on Import.

Step 4

Select the .zip file downloaded earlier.

The playbooks will be imported and available under the “Imported Playbooks” folder and easily moved to any other folder of your choice.

The playbooks can be customized based on your needs and specific use cases.  You can easily append templates to include specific actions to be taken when conditions in the playbook are met.

Why Team Cymru and Google SecOps Are a Winning Combination

Team Cymru and Google SecOps provide a robust combined solution to detect suspicious activity or potential threats and enrich with detailed, real time threat intelligence to identify even the most complex attacks.

Leveraging powerful automation from SecOps SOAR,  Team Cymru's threat intelligence and extensive data on IP, domain, and Netflow can streamline investigations and empower SOC teams to achieve more in less time. This combined capability can execute automated playbooks to protect any organization 24x7 - even when the team is focused on other tasks or out of the office.