This summer has delivered serious innovation across Google Cloud's Siemplify SOAR product to help customers enable modern, fast, and effective threat response. Building on our May announcement—SOAR for the age of anywhere operations—we continued our momentum and attention to the technology with a host of new features dedicated to driving efficient security operations. In case you missed any of these valuable additions, here’s a quick recap:
1) Manage playbook permissions
The playbook creator can now manage access and editing rights for specific users or SOC roles for their playbook. How does this relate to the real world? For example, enterprise customers can now restrict access to sensitive playbooks or prevent engineers from overriding your work while building a playbook. MSSP customers can now build playbooks in their own environment while still collaborating with the MSSP's engineers.
2) New MSSP user licenses
Specifically for MSSP customers, we’ve introduced two new licenses that will better support MSSPs that want to run a hybrid SOC together with their end customers. These licenses assist MSSPs in defining how they wish to collaborate with their customers—who can do what.
3) Ingest alerts with webhooks
We’ve introduced webhooks as an easy, lightweight solution for pushing alerts from third-party systems into Siemplify SOAR.
4) Rerun playbooks
Customers can rerun playbooks attached to alerts in a case in order to update results since the previous run, check steps that failed in a playbook, or check logic changes done via the playbook designer.
5) Approve manual playbook actions with a single click
Playbook creators can now utilize one time approval links which enable end users to approve or decline a manual action from wherever they are—including third-party apps like email or Slack, without the need for authentication.
6) Enhanced user management
A host of improvements include authenticating internal users by email address, self-service password creation for newly created users, self-recovery of passwords, the ability to delete a user, and additional flexibility in editing user properties and login details.
7) Additional customization options
Customize actions and playbooks with asynchronous editing actions; improve case investigation flow with the ability to add or edit entity enrichment properties from various system screens; and create custom landing pages based on user type.
8) Improved marketplace
Seven new integrations have been released and more than 50 existing integrations received added capabilities. In addition, the marketplace use cases now include out-of-the-box ontology rules.
Check out these new additions and let us know what you think. Also be sure to join us Oct. 11 to 13 at Google Next and stay tuned for more exciting announcements. There’s much more to come, and we can’t wait to show you what’s on deck!