on Jan 28, 2020
Cysiv Command is a modern security operations and analytics platform. It is the foundation for Cysiv’s threat monitoring, detection, hunting, investigation, and remediation service features. It combines a number of essential technologies and functions into a single platform, leveraging a broad range of advanced data science techniques to automate the time-consuming, complex but essential activities and processes for truly effective threat detection, hunting, investigation, and remediation.
Cysiv Command integrates with the RSA Archer IT & Security Risk Management solution, specifically the RSA Archer Cyber Security & Breach Response use case. Cysiv Command integrates with RSA Archer Security Incidents and Incident Journal applications. This integration provides an ongoing management of incidents and security posture using RSA Archer, while allowing a MSSP (Cysiv) to provide SOC-as-a-Service and SIEM-as-a-Service.
Potential security incidents in Cysiv Command (co-managed SIEM with the end customers) are mirrored to RSA Archer as a means of both informing and interacting with the customer on security investigations. Case details and case comments are mirrored bi-directionally to enable the Cysiv SOC team to use Cysiv Command while customers use RSA Archer. This allows customers of the MSSP services Cysiv provides to track metrics and cases in the RSA Archer Suite, which is important as the customer may have other incidents, cases or GRC activities that are not tracked by Cysiv. RSA Archer acts as the overall security health and performance system for the customer.
Integration Features
Cysiv Command with RSA Archer enables organizations to:
- Create a new RSA Archer security incident from a Cysiv Command case
- Link a Cysiv Command case to an existing RSA Archer security incident
- Sync Cysiv Command case comments with RSA Archer incident journal entries
- Sync Cysiv Command case fields with RSA Archer security incident fields
Resolve Cysiv Command cases linked to RSA Archer security incidents and automatically trigger Cysiv Command to create a new incident journal entry noting that case has been closed and the reason for closing the case.
Solution and Platform Information
- Solution Area: RSA Archer IT & Security Risk Management
- Impacted Use Case: RSA Archer Cyber Incident & Breach Response
- Supported Platform Version: This offering has been developed for and validated on RSA Archer Platform release 6.6.
For More Information
To learn more about the Cysiv Command RSA Ready certified integration:
- Review the Implementation Guide.
For Additional Support
To learn more about Cysiv LLC, please contact info@cysiv.com or 1.833.229.9800. For technical support questions, please contact support@cysiv.com or 1.833.229.9800.