VMware vDefend


Stacking Your Defenses: Integrating Advanced Threat Prevention and SIEM

By Michelle Plato posted Nov 21, 2025 11:46 AM


In today’s rapidly evolving threat landscape, effective security operations hinge on two critical pillars: automation and context aggregation. As organizations grapple with increasingly sophisticated attacks, the ability to seamlessly integrate diverse security solutions becomes paramount. This challenge is easily resolved through the successful integration of VMware vDefend Advanced Threat Prevention (ATP) with Security Information and Event Management (SIEM) systems.

ATP and SIEM – Better Together

ATP natively supports exporting security-related event logs to a SIEM through its REST API. Syslog is often chosen as the transport because of its nearly universal support, but REST API logging allows far richer data formats such as JSON, enabling ATP to send complex, structured security events with their full context. This lets ATP export the entire spectrum of security events: both detections (IDS events, network anomalies, file and process analyses) and campaigns, the higher-level detection objects correlated by vDefend Network Detection and Response.

Since each exported detection event is also paired with a link pointing back to ATP, the following showcases how to respond and remediate effectively using Intelligent Assist for VMware vDefend, an interactive chatbot powered by a Large Language Model (LLM) that is deeply integrated into the vDefend user interface. This co-pilot explains detection events in plain English, helping security teams understand the full impact of a threat while accelerating remediation.

As a result, this integration allows ATP data to be seamlessly incorporated into existing Security Operations Center (SOC) workflows, providing customers with enhanced visibility into East-West network traffic.

Read the full blog here.
