ThreatConnect has partnered with Cisco Security to deliver a Playbook App for joint customers to use Cisco Secure Access by Duo (formerly Cisco Duo). Now, users can automate processes during an internal security investigation when it’s critical to quickly get user information or suspend users involved with a security incident.
The App allows you to:
- Get user account information, including Groups and Applications the user has access to. This information can be used for making automated decisions about the next steps to take in the investigation as well as helping analysts have the information they need without having to collect it manually.
- Suspend a user’s account for a time period while an investigation takes place and analysts can confirm that the account is not compromised. This action can be automated as part of a Workflow or Playbook. Later in the process, the account can be unsuspended and the password can be reset automatically.
The app contains the following actions:
- Activate User
- Disable User
- Get User
- Get User Groups
- Get User Phones
- Advanced Request
Together, ThreatConnect and Cisco Secure Access by Duo help you to automate IdAM actions, saving you time during an internal security investigation. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on utilizing the Cisco Secure Access by Duo Playbook App (titled Cisco Duo in our app catalog). If you’re not yet a customer and are interested in ThreatConnect and this integration, contact us at firstname.lastname@example.org.