Splunk
HarfangLab Security events, Threats and Audit Logs can be fetched and indexed in Splunk using the HarfangLab EDR Splunk App.
The openness of a solution is crucial to ensure augmented deployment of your cyber roadmap. With HarfangLab, you are free to build your SOC platform with the solutions that meet your technical requirements and context.
Choose the security capabilities you need to protect your information system, and easily correlate data from different sources.
HarfangLab EDR can send the security events to an IBM QRadar SIEM for further alert correlation and aggregation. HarfangLab provides a DSM to parse HarfangLab’s security events.
HarfangLab EDR can send its security events, EDR telemetry and EDR logs to the Sekoia.io platform for Threat Intelligence contextualization and correlation with other security events.
HarfangLab EDR can send its security events, EDR telemetry and EDR logs to Thales Cybels Analytics for Threat Intelligence contextualization and correlation with other security events.
Security events, EDR telemetry and EDR logs can be transmitted using the Syslog protocol (TCP, UDP, TCP/TLS) to an external Syslog collector.
OverSOC provides a real-time comprehensive view of cybersecurity risks that everyone can see and understand. Gain transparent, clear, and practical insights you can use to take control of your information system.
HarfangLab provides a rich set of XSOAR functions to manage the EDR and run advanced playbooks. The provided playbooks automate security event management and Threat Intelligence management.
HarfangLab provides a connector to send security events to TheHive, a scalable, open source and free Security Incident Response Platform, tightly integrated with MISP.
30+ responders that allow security analysts to take actions on the EDR directly from TheHive alerts (isolate agent, start forensics collection jobs, retrieve forensics artifacts, search in telemetry…).
Mindflow’s no-code building platform is able to collect HarfangLab EDR’s security events and automate cybersecurity operations to empower analysts’ capacities.
The IBM Security QRadar SOAR connector fetches security events from a HarfangLab EDR Manager and manages the incident response.
Open source SOAR with various connectors for communication tools, SIRP/Ticketing platforms, CTI platforms, SIEMs and firewalls. It automates any kind of operation through workflows.
Airbus Prophecy’s SOAR can collect HarfangLab EDR’s security events and automate cyber operations through playbooks.
HarfangLab EDR is able to collect Threat Intelligence from a MISP Threat Intelligence platform.
The connector allows security events and threats to be sent to OpenCTI, and YARA rules, Sigma rules and IOCs (hash, IPv4, IPv6, DNS, URL) to be sent to HarfangLab.
Defants brings essential automation to assist investigations, with automatic scores standardized by MITRE ATT&CK framework, knowledge graph to explore and discover complex attack paths…
Binaries automatically collected by HarfangLab EDR can be transmitted to GLIMPS, which offers a unique Deep Learning technology designed to read and understand the elements that compose a binary.
Binaries automatically collected by HarfangLab EDR can be transmitted to a CAPE sandbox for dynamic behavioral analysis.
Hashes of executed binaries identified by HarfangLab EDR can be matched against the VirusTotal database to identify known viruses.
Binaries automatically collected by HarfangLab EDR can be transmitted to an Orion sandbox for static analysis through dozens of analyzers, antivirus analysis with 5 different antiviruses, and dynamic behavioral analysis.
The Gatewatcher connector provides system context information (endpoint information, process) associated with network security events.
HarfangLab EDR can send its security events, EDR telemetry and EDR logs to Thales Cybels Sensor’s Operation Center for further Threat Intelligence enrichment and correlation with network security events.
Provides system context information (endpoint information, process) associated with network security events, and allows compromised agents to be isolated from the Vectra user interface.
HarfangLab EDR Manager supports the OpenID Connect protocol to authenticate users with a 3rd party identity provider.
HarfangLab EDR’s Open LDAP connector authenticates users against an Open LDAP central directory.
HarfangLab EDR’s Active Directory connector authenticates users against an Active Directory, including Azure AD Domain Services’ Active Directory.
HarfangLab EDR can use the Google Authenticator application for Multi-Factor authentication.
HarfangLab EDR can use the Microsoft Authenticator application for Multi-Factor authentication.
HarfangLab EDR can use an Okta LDAP interface to authenticate users.