One Article Review

Home - The article:
Source GoogleSec
Identifier 8340926
Publication date 2023-05-31 12:00:25 (viewed: 2023-05-31 17:06:36)
Title Adding Chrome Browser Cloud Management remediation actions in Splunk using Alert Actions
Text
Posted by Ashish Pujari, Chrome Security Team

Introduction

Chrome is trusted by millions of business users as a secure enterprise browser. Organizations can use Chrome Browser Cloud Management to help manage Chrome browsers more effectively. As an admin, they can use the Google Admin console to get Chrome to report critical security events to third-party service providers such as Splunk® to create custom enterprise security remediation workflows.

Security remediation is the process of responding to security events that have been triggered by a system or a user. Remediation can be done manually or automatically, and it is an important part of an enterprise security program.

Why is Automated Security Remediation Important?

When a security event is identified, it is imperative to respond as soon as possible to prevent data exfiltration and to prevent the attacker from gaining a foothold in the enterprise. Organizations with mature security processes utilize automated remediation to improve the security posture by reducing the time it takes to respond to security events. This allows the usually overburdened Security Operations Center (SOC) teams to avoid alert fatigue.

Automated Security Remediation using Chrome Browser Cloud Management and Splunk

Chrome integrates with Chrome Enterprise Recommended partners such as Splunk® using Chrome Enterprise Connectors to report security events such as malware transfer, unsafe site visits, and password reuse. Other supported events can be found on our support page. The Splunk integration with Chrome browser allows organizations to collect, analyze, and extract insights from security events. The extended security insights into managed browsers will enable SOC teams to perform better informed automated security remediations using Splunk® Alert Actions.

Splunk Alert Actions are a great capability for automating security remediation tasks. By creating alert actions, enterprises can automate the process of identifying, prioritizing, and remediating security threats. In Splunk®, SOC teams can use alerts to monitor for and respond to specific Chrome Browser Cloud Management events. Alerts use a saved search to look for events in real time or on a schedule and can trigger an Alert Action when search results meet specific conditions, as outlined in the diagram below.

Use Case

If a user downloads a malicious file after bypassing a Chrome "Dangerous File" message, their managed browser/managed CrOS device should be quarantined.

Prerequisites

Create a Chrome Browser Cloud Management account at no additional costs
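The saved-search-plus-alert-action pattern for the use case above, as an added example that is not code from the Google post or from Splunk: it filters Chrome reporting events for bypassed "Dangerous File" warnings inside a schedule window and emits one quarantine action per device. The event field names (event, eventResult, deviceId, profileUserName, fileName) are assumed from the Chrome reporting connector schema and the sample events are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of what a Splunk saved search over Chrome Browser Cloud
# Management events might return. Field names are assumptions, not the
# authoritative schema; adjust them to the fields present in your index.
SAMPLE_EVENTS = [
    {"time": "2023-05-31T12:00:05Z", "event": "dangerousDownloadEvent",
     "eventResult": "EVENT_RESULT_WARNED", "deviceId": "dev-001",
     "profileUserName": "alice@example.com", "fileName": "invoice.exe"},
    {"time": "2023-05-31T12:00:09Z", "event": "dangerousDownloadEvent",
     "eventResult": "EVENT_RESULT_BYPASSED", "deviceId": "dev-001",
     "profileUserName": "alice@example.com", "fileName": "invoice.exe"},
    {"time": "2023-05-31T12:01:00Z", "event": "dangerousDownloadEvent",
     "eventResult": "EVENT_RESULT_BYPASSED", "deviceId": "dev-001",
     "profileUserName": "alice@example.com", "fileName": "setup.exe"},
    {"time": "2023-05-31T12:02:00Z", "event": "dangerousDownloadEvent",
     "eventResult": "EVENT_RESULT_BLOCKED", "deviceId": "dev-002",
     "profileUserName": "bob@example.com", "fileName": "tool.exe"},
    {"time": "2023-05-31T12:03:00Z", "event": "passwordReuseEvent",
     "deviceId": "dev-003", "profileUserName": "carol@example.com"},
]

def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def bypassed_dangerous_downloads(events, window_end, window):
    """The scheduled saved search: only bypassed dangerous-download events
    that fall inside the last `window` before `window_end`. A WARNED event
    alone is not a bypass, so it does not trigger remediation."""
    start = window_end - window
    return [e for e in events
            if e.get("event") == "dangerousDownloadEvent"
            and e.get("eventResult") == "EVENT_RESULT_BYPASSED"
            and start <= parse_time(e["time"]) <= window_end]

def quarantine_actions(matches):
    """The alert action payload: one quarantine per device, listing every
    bypassed file, so a user who bypasses twice yields a single action."""
    per_device = {}
    for e in matches:
        action = per_device.setdefault(e["deviceId"], {
            "action": "quarantine", "deviceId": e["deviceId"],
            "user": e["profileUserName"], "files": []})
        action["files"].append(e["fileName"])
    return [per_device[d] for d in sorted(per_device)]

def run_alert(events=SAMPLE_EVENTS, now=None, window=timedelta(minutes=5)):
    now = now or parse_time("2023-05-31T12:05:00Z")  # constructed schedule tick
    return quarantine_actions(bypassed_dangerous_downloads(events, now, window))

if __name__ == "__main__":
    print(json.dumps(run_alert(), indent=2))
```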
Sent Yes
Tags Malware Cloud
The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up in a previous one.