Open Integration Framework (OIF) - definition & overview

Open Integration Framework (OIF) is an integration framework created to make the process of integration within a platform run as smoothly as possible. The OIF philosophy makes it easier for organizations to connect disparate security tools for a more seamless security remediation workflow. OIF fundamentally changes how integrations are used within a platform, allowing users to easily integrate with third-party technologies, develop external connectors and trigger various automated actions.

Ease of integration with multiple technologies and third-party products is a vital component of modern security operations centers (SOCs). The open integration nature of OIF allows users to have the freedom to connect to any security tool without disrupting the natural workflow of their SecOps. With OIF, there are no limits to how users can customize, integrate, and adjust their security processes, allowing them to create various integrations, launch different actions, and choose the most optimal workflows.

OIF allows security teams to gain better control over their security operations, establish the most optimal SecOps workflows, improve their remediation processes and create limitless integrations. These are the most valuable benefits you can extract from OIF:

• Faster integration development
• Multiple scripting languages
• No advanced coding skills are required
• Users can customize their existing integrations and also add new ones
• Minimal technical knowledge required
• Built-in and third-party libraries
• Users can easily share custom integrations
• Advanced incident response capabilities
• Total control over all your integrations

With Sumo Logic Cloud SOAR’s OIF, users can add seven different types of color-based actions to their playbook and tailor each to an organization's specific requirements:

• Enrichment
• Scheduled
• Containment
• Notification
• Custom
• Automatically assigned tasks
• Machine or user choices

What is the process of creating an integration with Cloud SOAR’s OIF?

Cloud SOAR allows you to create integrations via the innovative use of Docker containers. When creating an integration, you can upload individual action files. Afterward, you can code the action within the integration action file by using one of the supported scripting languages:

• Perl
• Python
• Powershell
• Bash

All the scripting languages are wrapped into YAML configuration for optimal customizability. Lastly, using different third-party libraries, you can choose in which Docker container you want to launch the integration.

Utilizing Daemons to optimize the use of automation

Cloud SOAR provides the flexibility necessary to customize and run different types of automated procedures. When users generate integrations within Cloud SOAR, the OIF capability allows them to choose an action type labeled “Daemon.” This type of action leverages automation that can be run as a Daemon or as a scheduled process that automatically creates incidents that correlate with the results extracted from a predefined query.

Cloud SOAR’s OIF is an integration framework based on open APIs for defining integrations within the SOAR integrations. The way Cloud SOAR’s OIF differs from other integration frameworks is that it offers unique capabilities that improve the cyber security posture of organizations:

• Creating integrations from the ground up with minimal programming knowledge required
• User can create custom integrations to use within the playbooks
• Defining integrations in a text-based format that works at an action level, not as one monolithic file
• Allowing users to manage complex integrations autonomously by breaking them down into multiple individual actions
• Providing an open and cooperative ecosystem that allows users to share integrations and playbooks for approaching particular use cases

Automated responder knowledge (ARK)

Cloud SOAR’s OIF system relies on its own machine learning engine, ARK. ARK allows Cloud SOAR to apply machine learning to historical data, learn what kind of responses were taken against threats, and recommend playbooks that are most likely to be effective against threats of similar nature.

With the help of ARK, OIF allows users to:

• Analyze incoming incidents based on shared indicators and their connection to similar incidents
• Propose relevant actions and playbooks by relying on its algorithm based on similar and related threats
• Prioritize threats with higher risk by assigning them to the appropriate team
• Identify parent incidents and link them together with similar incidents based on demographics
  
  

Learn more about Sumo Logic Cloud SOAR OIF.