SOC Integration Architecture

Cytomic Orion integrates with third-party tools, and with applications developed in-house by the SOC, through its REST APIs. The following diagram shows how Cytomic Orion fits alongside the other SOC resources:

Cytomic Orion integration with multiple SOC products

Elements in the diagram:

  • CTI (Cyber Threat Intelligence): A platform for sharing threat information (indicators of compromise, plus campaign and actor context). It collects, correlates, and analyzes potential cyberthreats targeting the organization so that the security team can design detection, defensive, and remediation actions. Cytomic Orion is compatible with MISP (http://www.misp-project.org/), an open-source threat intelligence sharing platform.

See the integration guide at https://www.vanimpe.eu/2020/03/10/integrating-misp-and-cytomic-orion/

  • Ticketing: Tools that manage the lifecycle of security incidents. They enable you to create, assign, and follow up on investigations until they are closed, and they collect the key performance indicators (KPIs) that show the value of the SOC security service. Cytomic Orion is compatible with ServiceNow (https://www.serem.com/productos/servicenow/).

Download the integration guide from https://info.cytomicmodel.com/resources/guides/Orion/en/ORION-snowguide-EN.pdf

  • SOC Apps: Applications developed in-house by the SOC that call the Cytomic Orion API to solve problems specific to that SOC, such as automating a recurring task or moving data between Cytomic Orion and another tool.

  • SIEM (Security Information and Event Management): Tools that combine security information management and security event management to enable real-time monitoring and analysis of the security-related events generated by applications and devices on the network.
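The following is an added example, not Cytomic Orion product code or anything from the integration guides linked above. It shows what a small "SOC App" from the diagram typically does: take actionable indicators from a MISP event, match them against endpoint telemetry, open one ServiceNow ticket for the campaign, and emit one CEF line per hit for the SIEM. Everything about the data is assumed: the MISP event and telemetry rows are constructed sample data, the telemetry field names (host, process_hash, remote_ip, domain) are the example's own rather than a product schema, and the hunt that produced the telemetry is taken as already done through whatever query API the SOC uses. The ServiceNow incident body follows the Table API (POST /api/now/table/incident) and the SIEM lines follow the CEF format.

```python
"""Added example: a minimal SOC app tying CTI, ticketing and SIEM together.

Not Cytomic Orion code. Assumptions (all hypothetical):
  - indicators arrive as a MISP event export (Event -> Attribute[] with
    type, value, to_ids),
  - telemetry rows are dicts with the example's own field names,
  - findings go to ServiceNow as a Table API incident body and to the
    SIEM as CEF lines.
The MISP event and telemetry below are constructed sample data.
"""
import json

# Constructed MISP event export. to_ids=False attributes are context only.
MISP_EVENT = {
    "Event": {
        "id": "4711",
        "info": "Constructed example: credential-stealer campaign",
        "Attribute": [
            {"type": "sha256", "value": "A3F1" + "0" * 60, "to_ids": True},
            {"type": "ip-dst", "value": "198.51.100.23", "to_ids": True},
            {"type": "domain", "value": "update-cdn.example", "to_ids": True},
            {"type": "domain", "value": "benign-ref.example", "to_ids": False},
        ],
    }
}

# Constructed telemetry; field names are the example's own, not a product schema.
TELEMETRY = [
    {"host": "WS-0142", "process_hash": "a3f1" + "0" * 60,
     "remote_ip": "203.0.113.9", "domain": ""},
    {"host": "WS-0142", "process_hash": "ffff" + "0" * 60,
     "remote_ip": "198.51.100.23", "domain": "update-cdn.example"},
    {"host": "SRV-DB01", "process_hash": "1234" + "0" * 60,
     "remote_ip": "192.0.2.5", "domain": "benign-ref.example"},
]

# Which telemetry field each MISP attribute type is compared against.
FIELD_FOR_TYPE = {"sha256": "process_hash", "ip-dst": "remote_ip", "domain": "domain"}


def load_misp_indicators(event: dict) -> dict[str, set[str]]:
    """Group actionable attribute values by MISP type, normalized to lower case.

    Only to_ids=True attributes are detection material; the rest are analyst
    context, and hunting on them produces false positives, so they are dropped.
    """
    indicators: dict[str, set[str]] = {}
    for attr in event["Event"]["Attribute"]:
        if attr.get("to_ids") and attr["type"] in FIELD_FOR_TYPE:
            indicators.setdefault(attr["type"], set()).add(attr["value"].lower())
    return indicators


def find_matches(indicators: dict[str, set[str]], telemetry: list[dict]) -> list[dict]:
    """Return one record per (telemetry row, indicator) hit."""
    matches = []
    for row in telemetry:
        for ioc_type, values in indicators.items():
            observed = (row.get(FIELD_FOR_TYPE[ioc_type]) or "").lower()
            if observed and observed in values:
                matches.append({"host": row["host"], "type": ioc_type, "value": observed})
    return matches


def build_servicenow_incident(event: dict, matches: list[dict]) -> dict:
    """Body for POST /api/now/table/incident (ServiceNow Table API).

    One ticket per MISP event rather than per hit, so the analyst sees the
    whole campaign and ticket counts remain a usable KPI. correlation_id lets
    a re-run of the hunt update the same ticket instead of opening a new one.
    """
    hosts = sorted({m["host"] for m in matches})
    return {
        "short_description": f"CTI match: {event['Event']['info']} ({len(hosts)} host(s))",
        "description": "\n".join(f"{m['host']}: {m['type']}={m['value']}" for m in matches),
        "category": "security",
        "urgency": "1" if len(hosts) > 1 else "2",
        "impact": "2",
        "correlation_id": f"misp-event-{event['Event']['id']}",
    }


def _cef_header(s: str) -> str:
    return s.replace("\\", "\\\\").replace("|", "\\|")


def _cef_ext(s: str) -> str:
    return s.replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")


def to_cef(match: dict) -> str:
    """One CEF line per hit for the SIEM.

    CEF needs '|' escaped in header fields and '=' in extension values; an
    unescaped indicator value would otherwise corrupt the SIEM's parse.
    """
    header = "|".join(_cef_header(x) for x in
                      ("CEF:0", "SOCApp", "CTIMatcher", "1.0", "CTI-MATCH", "Indicator match", "7"))
    ext = (f"dhost={_cef_ext(match['host'])} cs1Label=iocType cs1={_cef_ext(match['type'])} "
           f"cs2Label=iocValue cs2={_cef_ext(match['value'])}")
    return header + "|" + ext


if __name__ == "__main__":
    hits = find_matches(load_misp_indicators(MISP_EVENT), TELEMETRY)
    print(json.dumps(build_servicenow_incident(MISP_EVENT, hits), indent=2))
    for hit in hits:
        print(to_cef(hit))
```

Two design points matter more than the plumbing: the to_ids filter keeps context-only MISP attributes out of the hunt, and the ticket is keyed on the MISP event (correlation_id) so that re-running the app against fresh telemetry enriches the existing incident rather than flooding the queue with duplicates, which would also distort the KPIs the ticketing tool is supposed to provide.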