What is Open Integration Framework?
Open Integration Framework (OIF) is an integration framework created to make the process of integration within a platform run as smoothly as possible. The Open Integration Framework philosophy makes it easier for organizations to connect disparate security tools for a more seamless security remediation workflow. OIF fundamentally changes the way integrations are being utilized within a platform, allowing users to easily integrate with third-party technologies, develop external connectors and trigger various automated actions.
Why is OIF important in cybersecurity?
Ease of integration with multiple technologies and third-party products is a vital component of modern SOCs. OIF’s open integration nature allows users to have the freedom to connect to any security tool without disrupting the natural workflow of their SecOps. With OIF, there are no limits to the way users can customize, integrate, and adjust their security processes, allowing them to create various integrations, launch various actions, and choose the most optimal workflows.
What are the key benefits of OIF?
OIF allows security teams to gain better control over their security operations, establish the most optimal SecOps workflows, improve their remediation processes, and most importantly - create limitless integrations. These are the most valuable benefits you can extract from OIF:
Faster integration development
Multiple scripting languages
No advanced coding skills required
Users can customize their existing integrations and also add new ones
Minimal technical knowledge required
Built-in and third-party libraries
Custom integrations are easily shared among users
Advanced incident response capabilities
Total control over all your integrations
What kind of actions does Cloud SOAR’s OIF allow you to create?
With Cloud SOAR’s Open Integration Framework, users can add to playbook seven different types of color-based actions:
Automatically assigned tasks
Machine or user choices
All of these actions can be tailored to the organization's specific requirements.
What is the process of creating an integration with Cloud SOAR’s OIF?
Cloud SOAR allows you to create integrations via the innovative use of Docker containers. When creating an integration, you can upload individual action files. Afterward, you can code the action within the integration action file by using one of the supported scripting languages:
All the scripting languages are wrapped into YAML configuration for optimal customizability. Lastly, by using different third-party libraries, you can choose the Docker container you want the integration to be launched in.
Utilizing Daemons to optimize the use of automation
Cloud SOAR provides the flexibility necessary to customize and run different types of automated procedures. When users generate integrations within Cloud SOAR, the OIF capability allows them to choose an action type labeled “Daemon.” This type of action leverages automation that can be run as a Daemon or as a scheduled process, and it automatically creates incidents that correlate with the results extracted from a predefined query.
The key differentiators of Cloud SOAR’s OIF
Sumo Logic Cloud SOAR’s Open Integration Framework is an integration framework based on open APIs for defining integrations within the Cloud SOAR Platform. The way Cloud SOAR’s OIF differs from other integration frameworks is that it offers unique capabilities that improve the cybersecurity posture of organizations:
Creating integrations from the ground up with minimal programming knowledge required
User can create custom integrations that can be used within playbooks
Defining integrations in a text-based format that works at an action level, not as one monolithic file
Allowing users to manage complex integrations autonomously by breaking them down into multiple individual actions
Providing an open and cooperative ecosystem that allows users to share integrations and playbooks for approaching particular use cases
Automated Responder Knowledge (ARK)
With the help of ARK, OIF allows users to:
Analyze incoming incidents based on shared indicators and their connection to similar incidents
Propose relevant actions and playbooks by relying on its algorithm based on similar and related threats
Prioritize threats with higher risk by assigning them to the appropriate team
Identify parent incidents and link them together with similar incidents based on demographics
Cloud SOAR’s OIF system relies on ARK - its very own machine learning engine. ARK allows Cloud SOAR to apply machine learning to historical data, learn what kind of responses were taken against threats, and recommends playbooks that are most likely to be effective against threats of similar nature.
Complete visibility for DevSecOps
Reduce downtime and move from reactive to proactive monitoring.