Cytomic Orion Integration with SOC Tools

Given the growing variety of devices that require protection, the number of threats in circulation, and the infection vectors they use, organizations' SOCs are overwhelmed by the volume and diversity of incidents they have to manage. In response, organizations adopt new and increasingly sophisticated tools to automate incident analysis, containment, and remediation. This range of services covers many areas and requires a continuous exchange of information between applications, which is often still done manually.

The proliferation of tools makes it harder to execute the SOC's procedures consistently and homogeneously. As a result, response times vary widely, and the quality of service depends directly on the type of incident being handled, the set of tools used, and the technical team operating them.

Cytomic Orion implements multiple APIs that facilitate integration with the tools used in the SOC, as well as automated management of the resources involved in incidents and in incident response.

The retention period for the telemetry stored in the data lake is one year.