Resolve and Micro Focus ArcSight offer a fully integrated solution to quickly validate, investigate, and remediate security incidents via end-to-end automated workflows. ArcSight’s SIEM capabilities are tightly integrated with Resolve’s powerful interactive automation and embedded process guidance so even junior analysts can safely execute incident response workflows faster than ever before.
- Simply click on an incident in ArcSight’s console to execute Resolve automations and process guidance
- Automatically poll ArcSight for new incidents, and trigger new automations and process guidance based on pre-defined conditions
- Pre-populate Resolve with critical and relevant ArcSight event details such as event ID, priority, source/target IPs, target ports, etc.
- Consistently enforce NIST 800-61 guidelines by leveraging standardized Resolve security playbooks and procedures
- Safely enable automated actions for 3rd party infrastructure systems and devices that anyone can execute – no escalation required
- Auto-update ArcSight events with status and comments after the Resolve automation and process is completed
- Track all actions – whether human or automated – in a centralized audit trail for easier debugging, faster investigations, and hassle-free compliance
Automate Repetitive Tasks & Let the Humans Make the Complex Decisions.
We know that you can’t automate everything… especially in the SOC. Human decision-making is a critical part of the incident response workflow. That’s why we blend operational guidance with automated actions for faster investigations, powered by enhanced analysis. What’s more, we automate diagnostic data collection, so you no longer have to chase down dozens of systems to verify incidents or vet false positives.
Get Started Fast… 100s of Integrations with Security Tools
We know you have a rich security toolkit, leveraging a variety of security technologies in addition to ArcSight. Use our extensive library of field-tested integrations with 3rd party security tools to automate the investigation triage process for events detected by ArcSight, eliminating false positives and accelerating a well-targeted incident response strategy.
Empower Security Analysts with Well-Designed Workflows
Our visual workflow designer makes it easy for SOC teams to plan and customize the end-to-end IR workflow, carefully choosing which steps to automate, and enhancing human actions and decisions with prescriptive contextual guidance. Choose from our 1000s of pre-built playbooks to start your automation journey today.