Hi all,
Is there any way, during the execution of tests involving Web Gateway (browsing, phishing, etc.), from the Cymulate environment (agent or API logs, or even integration with Splunk via SPL), to allow the collection of IOCs (URLs mostly) in real time? The goal is to send them to the SIEM (Splunk) and correlate them with firewall and proxy logs (for example) so that the team is told that that connection to that URL is related to Cymulate tests. What I have identified so far at this level is the collection via API (feeds and technical reports), but this collection is only possible when the tests are finished, and some tests, depending on the scope, take up to 3 days to complete.
Regards
Uiliam Mello
Best answer by Shiraz