
Is there an API abstraction for the integrations in a SOC

Çağlar Arlı

We are writing custom automation for common activities throughout our Security Operations Center, e.g. when the SIEM raises an alert, enrich it with whether the IP address is malicious; when we close an incident in our ticketing system (ServiceNow), close the corresponding alerts in the SIEM.

We want to make it easy to switch out the underlying vendors in the future, e.g. to check if an IP address is malicious, we may switch from VirusTotal to AbuseIPDB or another service in the future. We may switch our ticketing system or SIEM in the future.

Before we roll out our own abstraction, I wanted to check -- is there a good abstraction API for common security integrations that we can use for this purpose?