What is Open Integration Framework?
Open Integration Framework (OIF) is the integration framework in Sumo Logic Cloud SOAR for connecting the platform to third-party security tools. Instead of treating every integration as a sealed package shipped by the vendor, OIF lets users integrate with third-party technologies, develop their own connectors, and trigger automated actions from playbooks, so that disparate security tools can be joined into a single remediation workflow.
Why is OIF important in cybersecurity?
Ease of integration with multiple technologies and third-party products is a vital component of a modern SOC. Because OIF is open, users can connect to the security tools they already run without disrupting their existing SecOps workflow. With OIF, users can customize, integrate, and adjust their security processes: build their own integrations, launch actions from them, and choose the workflows that fit their environment.
What are the key benefits of OIF?
OIF allows security teams to gain better control over their security operations, establish the SecOps workflows that suit them, improve their remediation processes, and, most importantly, build integrations that are not limited to a vendor's catalogue. These are the most valuable benefits of OIF:
Faster integration development
Multiple scripting languages
No advanced coding skills or deep technical knowledge required
Users can customize their existing integrations and add new ones
Built-in and third-party libraries
Custom integrations are easily shared among users
Advanced incident response capabilities
Total control over all your integrations
What kind of actions does Cloud SOAR’s OIF allow you to create?
With Cloud SOAR’s Open Integration Framework, users can add seven types of actions to a playbook, each colour-coded in the playbook editor:
Enrichment
Scheduled
Containment
Notification
Custom
Automatically assigned tasks
Machine or user choices
All of these actions can be tailored to the organization's specific requirements.
What is the process of creating an integration with Cloud SOAR’s OIF?
Cloud SOAR runs OIF integrations inside Docker containers. When creating an integration, you upload individual action files rather than one monolithic package, and you write the code for each action in one of the supported scripting languages:
Perl
Python
PowerShell
Bash
Each action's script is wrapped in a YAML definition that describes the action and its inputs, which is what makes it customizable without touching the platform itself. Lastly, you choose the Docker container the action is launched in; that choice determines which third-party libraries are available to the script, so pick or build an image that carries the dependencies the action needs.
Utilizing Daemons to optimize the use of automation
Cloud SOAR provides the flexibility to customize and run different types of automated procedures. When users create integrations within Cloud SOAR, OIF lets them choose an action type labeled “Daemon.” This action type runs automation either continuously as a daemon or as a scheduled process, and it automatically creates incidents from the results of a predefined query, so that the query's hits become incidents without an analyst having to open them by hand.
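As an added example (not Cloud SOAR's own code), here is the logic a daemon-type action needs in order to turn query results into incidents without flooding the queue on every run. The scheduling contract is hypothetical: the scheduler calls run_cycle() with the timestamp of the previous run and the correlation keys of incidents that are still open, and creates one incident per returned record. The authentication events are constructed sample data embedded so the code runs offline.

```python
"""Illustrative daemon/scheduled action (added example; not Cloud SOAR code).

Hypothetical contract: the scheduler calls run_cycle(events, since, open_keys)
each period and creates one incident per returned record. The two caveats a
daemon must handle are shown: a watermark so already-seen events are not
re-queried, and a correlation key so an attacker still active at the next
run does not get a second incident.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication logs
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:01Z", "src_ip": "203.0.113.7", "user": "alice", "result": "FAIL"},
    {"ts": "2024-05-01T10:00:05Z", "src_ip": "203.0.113.7", "user": "alice", "result": "FAIL"},
    {"ts": "2024-05-01T10:00:09Z", "src_ip": "203.0.113.7", "user": "bob", "result": "FAIL"},
    {"ts": "2024-05-01T10:00:12Z", "src_ip": "203.0.113.7", "user": "bob", "result": "FAIL"},
    {"ts": "2024-05-01T10:01:00Z", "src_ip": "198.51.100.23", "user": "carol", "result": "FAIL"},
    {"ts": "2024-05-01T10:02:00Z", "src_ip": "192.0.2.10", "user": "dave", "result": "OK"},
    {"ts": "2024-05-01T08:30:00Z", "src_ip": "203.0.113.7", "user": "eve", "result": "FAIL"},  # before watermark
]


def parse_ts(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def predefined_query(events, since):
    """Stand-in for the predefined query: failed logins newer than the watermark."""
    return [e for e in events if e["result"] == "FAIL" and parse_ts(e["ts"]) > since]


def correlate(hits, threshold):
    """Group hits by source IP so one attacker yields one incident, not one per log line."""
    by_src = defaultdict(list)
    for h in hits:
        by_src[h["src_ip"]].append(h)
    incidents = []
    for src, group in sorted(by_src.items()):
        if len(group) < threshold:
            continue
        incidents.append({
            "key": f"bruteforce:{src}",          # correlation key, stable across runs
            "title": f"Brute-force login attempts from {src}",
            "count": len(group),
            "users": sorted({g["user"] for g in group}),
            "first_seen": min(g["ts"] for g in group),
            "last_seen": max(g["ts"] for g in group),
        })
    return incidents


def run_cycle(events, since, open_keys, threshold=3):
    """One daemon/scheduled run: returns (new incidents, new watermark)."""
    hits = predefined_query(events, since)
    new_incidents = [i for i in correlate(hits, threshold) if i["key"] not in open_keys]
    # Advance the watermark to the newest hit so the next run does not re-process it
    watermark = max((parse_ts(h["ts"]) for h in hits), default=since)
    return new_incidents, watermark


if __name__ == "__main__":
    created, wm = run_cycle(SAMPLE_EVENTS, parse_ts("2024-05-01T09:00:00Z"), set())
    for inc in created:
        print(inc["key"], inc["count"], inc["users"])
    print("next watermark:", wm.isoformat())
```

Two things worth copying into any real daemon action: the watermark is derived from the data actually processed rather than from wall-clock time, so a late-arriving batch is not skipped, and suppression is keyed on the same correlation key the incident was created with, so an attacker that is still hammering the login page at the next run updates the open incident instead of opening a duplicate.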
The key differentiators of Cloud SOAR’s OIF
Sumo Logic Cloud SOAR’s Open Integration Framework is based on open APIs for defining integrations within the Cloud SOAR platform. It differs from other integration frameworks in a set of capabilities that improve an organization's security posture:
Creating integrations from the ground up with minimal programming knowledge required
Users can create custom integrations that can be used within playbooks
Defining integrations in a text-based format that works at an action level, not as one monolithic file
Allowing users to manage complex integrations autonomously by breaking them down into multiple individual actions
Providing an open and cooperative ecosystem that allows users to share integrations and playbooks for approaching particular use cases
Automated Responder Knowledge (ARK)
With the help of ARK, OIF allows users to:
Analyze incoming incidents based on shared indicators and their connection to similar incidents
Propose relevant actions and playbooks, based on similar and related past threats
Prioritize threats with higher risk by assigning them to the appropriate team
Identify parent incidents and link them together with similar incidents based on demographics
These OIF capabilities rely on ARK, Cloud SOAR’s own machine learning engine. ARK applies machine learning to historical incident data, learns which responses were taken against past threats, and recommends the playbooks most likely to be effective against threats of a similar nature.
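To make the idea concrete, here is a toy similarity-based recommender, added as an example; it is not ARK, not Cloud SOAR's code, and makes no claim about the algorithm ARK actually uses. It does only what the text describes: scores a new incident against past incidents on shared indicators, recommends the playbooks that resolved the most similar ones, and picks a parent incident to link to when the match is strong enough. The incident history is constructed sample data.

```python
"""Toy similarity-based playbook recommender (added example; not ARK).

Scores a new incident against past incidents by Jaccard similarity of their
indicator sets, recommends playbooks weighted by that similarity, and links a
parent incident only above a minimum similarity, so an incident with unknown
indicators gets no forced recommendation.
"""
from collections import defaultdict

# Constructed sample incident history
HISTORY = [
    {"id": "INC-1", "indicators": {"203.0.113.7", "evil.example", "sha256:aaa"}, "playbook": "pb-c2-containment"},
    {"id": "INC-2", "indicators": {"203.0.113.7", "evil.example"}, "playbook": "pb-c2-containment"},
    {"id": "INC-3", "indicators": {"198.51.100.23"}, "playbook": "pb-scanner-block"},
    {"id": "INC-4", "indicators": {"phish.example", "sha256:bbb"}, "playbook": "pb-phishing"},
]


def jaccard(a: set, b: set) -> float:
    """Share of indicators common to both incidents (0.0 when either is empty)."""
    if not a or not b:
        return 0.0
    return len(a & b) / len(a | b)


def similar_incidents(indicators: set, history, k: int = 3):
    """Top-k past incidents sharing at least one indicator, best match first."""
    scored = [(jaccard(indicators, h["indicators"]), h) for h in history]
    scored = [(s, h) for s, h in scored if s > 0]
    scored.sort(key=lambda x: (-x[0], x[1]["id"]))   # deterministic tie-break on id
    return scored[:k]


def recommend_playbooks(indicators: set, history, k: int = 3):
    """Playbooks ranked by the summed similarity of the neighbours that used them."""
    votes = defaultdict(float)
    for score, h in similar_incidents(indicators, history, k):
        votes[h["playbook"]] += score
    return sorted(votes.items(), key=lambda kv: (-kv[1], kv[0]))


def link_parent(indicators: set, history, min_similarity: float = 0.5):
    """Id of the closest past incident, or None if nothing is similar enough to link."""
    top = similar_incidents(indicators, history, k=1)
    if top and top[0][0] >= min_similarity:
        return top[0][1]["id"]
    return None


if __name__ == "__main__":
    incoming = {"203.0.113.7", "evil.example", "sha256:ccc"}
    print("recommended:", recommend_playbooks(incoming, HISTORY))
    print("parent:", link_parent(incoming, HISTORY))
```

The design choice to notice is the `min_similarity` floor on parent linking and the empty result for unrelated indicators: a recommender that always returns something will happily attach a phishing playbook to a scanner alert, and analysts stop trusting it. Weighting votes by similarity rather than counting them also means two close matches outweigh three weak ones.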