Description
ConcealBrowse offers different integrations to incorporate into your organization. These are optional and can be configured through your Conceal dashboard. We will be going over the different integrations we offer. In the future, we will have the integrations section open source.
Procedure
- In your web browser, navigate to https://dashboard.conceal.io/ and login if necessary, go to the Integrations section on the left hand menu.
- The integrations are sorted in 4 different sections:
-
Threat Intelligence - These integrations run before the ConcealBrowse extension directs the user or device to the destination url and processes the url for any threats. If any threats are detected, the user or device will trigger an isolation event for that url. This allows customers to apply trusted 3rd party threat intel sources and enforce them through ConcealBrowse.
NOTE: Do not disable the ConcealIntel plugin for any reason. If you are experiencing issues refer to Disabling the extension section or reach out to support@conceal.io- AlienVault
- ConcealIntel
- DomainTools
- Google Safe Browsing
- MetaDefender
- VirusTotal
-
Network/Firewall - These integrations run before the ConcealBrowse extension directs the user or device to the destination url and simultaneously validates the URL against gateway to determine if it should be allowed, blocked or redirected. If the gateway blocks the URL then ConcealBrowse will redirect the user to a Cisco block page designated in the integration configuration and record the event as a "redirect" event. If an explicit allow policy is set for the URL in the gateway, that policy will override any threat detection by ConcealBrowse. These integrations are useful to protect users/devices when remote (not behind the gateway) and also simplify administration between the gateway and ConcealBrowse.
- Cisco SWG
- Fortinet Fortigate
-
SIEM/SOAR - These integrations run after the ConcealBrowse extension has directed the user or device to a url, triggered an isolation event, or blocked/redirected the url using any of Threat Intelligence / Network + Firewall integrations along with Conceal's intelligence integration. Data generated by ConcealBrowse based on this event will be sent to the SIEM / SOAR. These integrations provide visibility into ConcealBrowse events in the SIEM for further correlation, investigation or threat hunting and simplified administration for SOC teams.
- Devo
- Elasticsearch
- Fluentd
- Azure Sentinel
- Logstash
- Splunk
- Syslog
- Webhook
-
MDR / XDR / EDR - These integrations run after the ConcealBrowse extension has directed the user or device to a url, triggered an isolation event, or blocked/redirected the url using any of Threat Intelligence / Network + Firewall integrations along with Conceal's intelligence integration. Data generated by ConcealBrowse based on this event will be sent to the MDR / XDR / EDR. These integrations add ConcealBrowse telemetry to the MDR/XDR/EDR product for improved threat detection, hunting and administration.
Note: Test Integration button is grayed out until the Integration is configured, only available on SecureWorks Taegis & SentinelOne Singularity- Crowdstrike Falcon - Sends domains detected by ConcealBrowse as suspicious or malicious to Falcon as Custom IOCs. Administrators can set risk score thresholds and severity levels for Falcon detections.
- SecureworksTaegis - Sends ConcealBrowse preprocess event logs for ingestion by Secureworks Taegis platform for visibility, detection and correlation with endpoint data.
- SentinelOne Singularity - Sends ConcealBrowse preprocess event logs for ingestion by SentineOne Singularity XDR platform for visibility, detection and correlation with endpoint data.
-
Threat Intelligence - These integrations run before the ConcealBrowse extension directs the user or device to the destination url and processes the url for any threats. If any threats are detected, the user or device will trigger an isolation event for that url. This allows customers to apply trusted 3rd party threat intel sources and enforce them through ConcealBrowse.
- To configure any of the integrations, click the button labeled Configure, and enter the appropriate information, and click Save. You can find more detailed information in the Integrations section.
*Never hesitate to contact your Customer Success Manager for any questions or concerns. You may also open a support ticket at support.conceal.io by scrolling to the bottom and clicking Submit a request.
0
0
Was this article helpful?
0 out of 0 found this helpful
Articles in this section
- Allow policies to consider when starting with ConcealBrowse
- Content Blocking with ConcealBrowse
- How to implement policies in the ConcealBrowse dashboard
- Managing ConcealBrowse Extension settings as an administrator
- Managing Users in the ConcealBrowse dashboard
- Multi-Factor Authentication with ConcealBrowse
- Navigating the Audit section of the ConcealBrowse dashboard
- Navigating the ConcealBrowse Dashboard section
- Navigating the Devices section of the ConcealBrowse dashboard
- Navigating the Integrations section of ConcealBrowse