Aim of this project

Automate Case Creation and Observables with Shuffle SOAR:

Use Shuffle SOAR to open security cases automatically when a high-priority event is detected. Shuffle triggers a workflow that talks to TheHive: the workflow creates the case, extracts the relevant indicators of compromise (IOCs) from the event (IP addresses, domains, URLs, and so on), and adds them to the new case as observables, so the analyst picks up a case that is already populated with the evidence.
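As an added example (not code from this project, nor from Shuffle or TheHive), the Python below shows the middle of that workflow: gating on the event's priority, pulling IP addresses, domains and URLs out of the event, and shaping them into a case plus a list of observables using TheHive's observable field names (dataType, data, ioc, tlp, tags, message). The event layout (rule.level, agent.name, data.*), the severity thresholds and the rule that private-range addresses are kept but not flagged as IOCs are assumptions; the actual HTTP calls to TheHive, which Shuffle's TheHive app or a plain HTTP step would make, are deliberately left out so the script runs offline.

```python
"""Added example (not from the original project): gate a detection event on
priority, extract IOCs (IPs, domains, URLs) from it, and shape the result into a
TheHive-style case plus observables that a Shuffle workflow step could send on.

Assumptions (not from the page): the event layout (rule.level, agent.name,
data.*) mimics a generic SIEM alert; the observable fields dataType/data/ioc/tlp/
tags/message follow TheHive's observable model; severity thresholds are ours.
"""
import ipaddress
import json
import re
from typing import Dict, Iterator, List
from urllib.parse import urlparse

# Constructed sample event; not a real capture.
SAMPLE_EVENT = {
    "rule": {"level": 12, "description": "Suspicious outbound connection to known-bad host"},
    "agent": {"name": "web-01"},
    "data": {
        "srcip": "10.0.0.15",
        "dstip": "203.0.113.45",
        "url": "http://malicious.example.net/payload.bin",
        "message": "curl http://malicious.example.net/payload.bin from 10.0.0.15 "
                   "-> 203.0.113.45; dns lookup malicious.example.net.",
    },
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

# RFC 1918 plus loopback/link-local. Internal addresses are kept as observables
# for context but must not be flagged as IOCs, or every alert "matches" the LAN.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]


def is_high_priority(event: dict, min_level: int = 10) -> bool:
    """Only high-priority events open a case (the threshold is an assumption)."""
    return int(event.get("rule", {}).get("level", 0)) >= min_level


def _strings(obj) -> Iterator[str]:
    """Yield every string value in a nested dict/list so IOCs in any field are found."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for v in obj.values():
            yield from _strings(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from _strings(v)


def is_internal_ip(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def extract_iocs(event: dict) -> Dict[str, List[str]]:
    """Return deduplicated, sorted IOCs keyed by TheHive dataType."""
    text = "\n".join(_strings(event))
    urls = {u.rstrip(".,;:)") for u in URL_RE.findall(text)}
    # Strip URLs before domain matching so path parts like payload.bin are not
    # taken for domains; URL hostnames are then added back as domain observables.
    no_urls = URL_RE.sub(" ", text)
    ips = set()
    for cand in IPV4_RE.findall(no_urls):
        try:
            ipaddress.IPv4Address(cand)  # rejects octets above 255
            ips.add(cand)
        except ValueError:
            pass
    domains = {d.lower() for d in DOMAIN_RE.findall(no_urls)}
    for u in urls:
        host = urlparse(u).hostname
        if host and not IPV4_RE.fullmatch(host):
            domains.add(host.lower())
    return {"ip": sorted(ips), "domain": sorted(domains), "url": sorted(urls)}


def severity_from_level(level: int) -> int:
    """Assumed mapping onto TheHive severity (1 low, 2 medium, 3 high, 4 critical)."""
    return 4 if level >= 12 else 3 if level >= 9 else 2 if level >= 6 else 1


def build_case(event: dict) -> dict:
    rule, agent = event.get("rule", {}), event.get("agent", {})
    return {
        "title": f"[{agent.get('name', 'unknown')}] {rule.get('description', 'Untitled alert')}",
        "description": "Auto-created by Shuffle workflow.\n\nSource event:\n"
                       + json.dumps(event, indent=2),
        "severity": severity_from_level(int(rule.get("level", 0))),
        "tlp": 2,
        "tags": ["shuffle", "auto-created"],
    }


def build_observables(event: dict) -> List[dict]:
    obs = []
    for dtype, values in extract_iocs(event).items():
        for value in values:
            internal = dtype == "ip" and is_internal_ip(value)
            obs.append({
                "dataType": dtype,
                "data": value,
                "ioc": not internal,
                "tlp": 2,
                "tags": ["internal"] if internal else ["external"],
                "message": "Extracted automatically from the triggering event",
            })
    return obs


if __name__ == "__main__":
    if is_high_priority(SAMPLE_EVENT):
        print(json.dumps({"case": build_case(SAMPLE_EVENT),
                          "observables": build_observables(SAMPLE_EVENT)}, indent=2))
```

Running the script prints the case body and four observables (two IPs, one domain, one URL) for the constructed event; the 10.0.0.15 source address is kept for context but carries `ioc: false`, while the external address, domain and URL are flagged as IOCs. In a real workflow the two payloads would go to TheHive in two steps, case creation first and then one observable call per item using the returned case ID, so that a failure adding an observable does not lose the case itself.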

Automate Threat Investigation Workflows:

Integrate Cortex (TheHive's analysis engine) with threat intelligence feeds and external analyzers. When a Shuffle workflow creates a case in TheHive, Cortex analyzers can be run automatically against the case's observables, and Shuffle can chain analyzers and responders into investigation playbooks matched to the type of incident detected. These playbooks can automate tasks like:

  • Enriching the case with threat intelligence data.

  • Assessing the risk associated with the observables.

  • Performing threat hunting on the network for related activity.

  • Collecting additional forensic evidence from endpoints.

  • Suggesting potential remediation actions.

Improve Analyst Efficiency:

Automating investigation tasks frees analyst time for the complex incidents that require human expertise and judgment. Expected outcomes:

  • Reduced time to investigate and respond to security incidents.

  • Fewer alerts requiring manual analysis, since effort is concentrated on high-priority events.

  • Higher analyst productivity through automation of routine investigation tasks.

A further aim of the project is to gain hands-on experience with the processes carried out in an organization's SOC and with the tools used to run them.

Reduce Costs:

Use readily available open-source tools (Shuffle, TheHive, Cortex) to build a capable SOC stack without incurring significant licensing fees.
