Get the report
MoreComplete visibility for DevSecOps
Reduce downtime and move from reactive to proactive monitoring.
Open Integration Framework (OIF) is an integration framework created to make the process of integration within a platform run as smoothly as possible. The OIF philosophy makes it easier for organizations to connect disparate security tools for a more seamless security remediation workflow. OIF fundamentally changes how integrations are used within a platform, allowing users to easily integrate with third-party technologies, develop external connectors and trigger various automated actions.
Ease of integration with multiple technologies and third-party products is a vital component of modern security operations centers (SOCs). The open integration nature of OIF allows users to have the freedom to connect to any security tool without disrupting the natural workflow of their SecOps. With OIF, there are no limits to how users can customize, integrate, and adjust their security processes, allowing them to create various integrations, launch different actions, and choose the most optimal workflows.
OIF allows security teams to gain better control over their security operations, establish the most optimal SecOps workflows, improve their remediation processes and create limitless integrations. These are the most valuable benefits you can extract from OIF:
With Sumo Logic Cloud SOAR’s OIF, users can add seven different types of color-based actions to their playbook and tailor each to an organization's specific requirements:
What is the process of creating an integration with Cloud SOAR’s OIF?
Cloud SOAR allows you to create integrations via the innovative use of Docker containers. When creating an integration, you can upload individual action files. Afterward, you can code the action within the integration action file by using one of the supported scripting languages:
All the scripting languages are wrapped into YAML configuration for optimal customizability. Lastly, using different third-party libraries, you can choose in which Docker container you want to launch the integration.
Utilizing Daemons to optimize the use of automation
Cloud SOAR provides the flexibility necessary to customize and run different types of automated procedures. When users generate integrations within Cloud SOAR, the OIF capability allows them to choose an action type labeled “Daemon.” This type of action leverages automation that can be run as a Daemon or as a scheduled process that automatically creates incidents that correlate with the results extracted from a predefined query.
Cloud SOAR’s OIF is an integration framework based on open APIs for defining integrations within the SOAR integrations. The way Cloud SOAR’s OIF differs from other integration frameworks is that it offers unique capabilities that improve the cyber security posture of organizations:
Automated responder knowledge (ARK)
Cloud SOAR’s OIF system relies on its own machine learning engine, ARK. ARK allows Cloud SOAR to apply machine learning to historical data, learn what kind of responses were taken against threats, and recommend playbooks that are most likely to be effective against threats of similar nature.
With the help of ARK, OIF allows users to:
Learn more about Sumo Logic Cloud SOAR OIF.
Reduce downtime and move from reactive to proactive monitoring.