Demisto is a dedicated SOAR (Security Orchestration, Automation and Response) platform that lets security operations (SOC) teams manage the incident-handling process more effectively and shortens the response time to new incidents. A number of internal mechanisms standardize incidents coming from different platforms and make it possible to automate every stage of report handling. The solution also supports team work, and its machine learning mechanism indicates which members of the SOC team are best suited to resolve a given incident.


Description of technology


SOAR/SOC - INCIDENT MANAGEMENT - the incident repository allows incidents to be assigned and fully managed, and comes with a complete search engine. While handling an incident it is possible to collect evidence of the breach and to analyze the incident in the context of its connections with other events in the environment. The state of the system can be visualized with configurable dashboards and a report-generation mechanism.

SOAR/SOC - ORCHESTRATION AND AUTOMATION - dozens of ready-made integrations provide fast, two-way communication with external systems. Demisto receives data from external systems and uses it to create new incidents or to enrich existing objects. It automates the analysis of the received data (e.g. automatic analysis of a file in the selected vendor's cloud sandbox), performs informational actions (e.g. sending an e-mail to the user of the infected workstation asking them not to open the attachment), and performs remediation (e.g. blocking access to the indicated services on a network device). The whole process is supported by a tool for building a graphical incident-analysis scenario (playbook).

SOAR/SOC - WAR ROOM - the product also offers an interesting mechanism that provides an environment for testing new functions and scripts and speeds up work with the system through a CLI command engine. At the same time, the entire incident-analysis process is used to build the central IoC base and is processed by the machine learning mechanism, which provides guidance to system operators and can manage the assignment of incidents (incidents with similar characteristics are routed to the same operator, speeding up their handling).
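To make the standardization, enrichment and central IoC base described above concrete, here is an added example (written for this page, not Demisto's own code) that normalizes alerts from two hypothetical source platforms into one incident schema, indexes their indicators in a shared IoC base, and applies a simple playbook rule when a second platform reports an indicator already seen. The alert formats, field names and hash values are constructed for the illustration.

```python
from collections import defaultdict

# Constructed sample alerts in two hypothetical vendor formats (not real products).
# The sha256 value is a truncated, constructed sample, not a real indicator.
EDR_ALERT = {"host": "ws-042", "sha256": "9F86D081884C7D65", "sev": 2,
             "title": "Suspicious process spawned by winword.exe"}
MAIL_ALERT = {"recipient": "JDoe@example.test", "attachment_sha256": "9f86d081884c7d65",
              "severity": "high", "subject": "Invoice 4711"}

# Common incident schema: severity on a 1-4 scale, indicators as (type, value) pairs.
EDR_SEVERITY = {1: 1, 2: 2, 3: 3, 4: 4}
MAIL_SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def normalize_edr(alert):
    """Map an EDR-style alert onto the common incident schema."""
    return {"source": "edr", "name": alert["title"], "severity": EDR_SEVERITY[alert["sev"]],
            "indicators": {("host", alert["host"]), ("sha256", alert["sha256"].lower())}}


def normalize_mail(alert):
    """Map an e-mail gateway alert onto the same schema (values lower-cased to match)."""
    return {"source": "mail", "name": alert["subject"], "severity": MAIL_SEVERITY[alert["severity"]],
            "indicators": {("email", alert["recipient"].lower()),
                           ("sha256", alert["attachment_sha256"].lower())}}


class IncidentStore:
    """Incident repository plus a central indicator index used for correlation."""

    def __init__(self):
        self.incidents = {}
        self.by_indicator = defaultdict(set)  # (type, value) -> ids of incidents seen with it

    def ingest(self, incident):
        """Store a normalized incident, link it to earlier incidents sharing an IoC,
        and apply a playbook-style rule: corroboration by a second source raises severity."""
        inc_id = len(self.incidents) + 1
        related = set()
        for ioc in incident["indicators"]:
            related |= self.by_indicator[ioc]
            self.by_indicator[ioc].add(inc_id)
        stored = dict(incident, id=inc_id, related=sorted(related))
        if related:
            stored["severity"] = min(4, stored["severity"] + 1)
        self.incidents[inc_id] = stored
        return stored
```

Because both alerts carry the same attachment hash (case differences removed during normalization), the second incident is linked to the first and escalated, which is the kind of cross-event context the incident repository and IoC base are meant to surface.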

