BlackPoint
under review
Amaranth Egret
BlackPoint SOC software is a comprehensive cybersecurity solution that combines advanced threat detection, incident response, and proactive monitoring capabilities. It provides organizations with real-time visibility into their network, enabling them to detect, analyze, and respond to security incidents swiftly and effectively.
Brooke Guerrero
Hi there voters, what sort of automations would you like to see built with BlackPoint?
Supreme Pinniped
Brooke Guerrero Just seeing this, but I have some ideas I'm sure most users who have Blackpoint would be excited about.
- Automatic Endpoint Triage, this would allow us to run actions automatically based off of endpoint alerts and have instant responses to alerts.
- Compliance Logging, for those who use Blackpoint in compliance scenarios we need to log changes being made. We should be able to create an automation that will track these changes made within the platform that can be used in compliance audits instead of manually having to go in and track changes.
- Incident Information Gathering, as Rewst has access to most of our systems if a device that is in Blackpoint indicates a breach or incident we can make a much broader ticket that has much more valuable information, such as grabbing the information about the device from the RMM, get the user of that device from the RMM and then get information about that user from the PSA and other useful information about previous tickets from the PSA for that user. This would make triaging these incidents much easier and faster.
- Playbook Form, have a form that will have a list of actions that Rewst can call for in Blackpoint that will allow users to quickly send commands based off of alerts without having to log in to the Blackpoint website and find the device and then run the command we need to run. This would make it so we could quickly run commands based off of what we are seeing and needs to be done.
- Escalation Of Notifications, if an incident alert is created and a ticket is created from that and if Rewst detects more than one incident occurring within a set amount of time, etc., it will escalate the ticket and add notes about what it is seeing in Blackpoint so the Technician can get access to the information quickly.
- Alert Correlation, as most companies have multiple layers of security and monitoring, being able to put these alerts together and have them easily mapped together would be a much-needed resource as right now we have to go to each system and check the time and see if that system detected anything and if it did, is it the same as the other system, etc.
Overall these are just some quick ideas I had on what would make using Blackpoint with our other systems so much better!
Let me know if you have any questions!
Slim Blackbird
Looks like maybe there is one now. Unless this doesn't do what I think it would do.
Danial Gagne
under review
Brilliant Reptile
BPC doesn't have a public API to use at the current point in time. From what I've heard it's something that's been requested heavily, but it's not on the short-term roadmap.