SecurityAdvisor

Use the SecurityAdvisor integration to coach your end users on the cyber security threats they face. SecurityAdvisor's contextual coaching platform lets you deliver targeted coaching to users, making them more likely to change their behavior and reducing the number of incidents. For example, a user whose system is often targeted by malware can be coached with a malware context, and a phishing target can be educated about phishing. Our training is quick and relevant, takes no more than 5 minutes, and has been shown to reduce incidents from targeted users by 90% due to better security awareness and hygiene.

Use Cases


  1. A user is targeted with a phishing attack. Use the coach-end-user command with this user's email address and the "phishing" context to send them a training on Email Phishing.
  2. Malware is found on a user's machine due to unsafe browsing habits. Use the coach-end-user command with this user's email address and the "malware" context to send them a training on staying safe online.
  3. A user is targeted with a ransomware attack. Use the coach-end-user command with this user's email address and the "ransomware" context to send them a training on staying safe online.
  4. You can create conditional coaching rules, such as sending coaching if the user has scored less than 80 in a particular coaching context.

You can add the coach-end-user command (see Commands below) to any section of your playbook to trigger these notifications.

Prerequisites

You need an API key for this integration.

  1. Log in to www.securityadvisor.io.
  2. Navigate to the My Profile section or contact support@securityadvisor.io.

Configure SecurityAdvisor on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for SecurityAdvisor.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Use system proxy
    • Trust any certificate (not secure)
    • API Endpoint URL = "https://www.securityadvisor.io/"
    • API Key = see Prerequisites above to get your API key
  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. coach-end-user

1. Coach an end user


Sends a contextual message to a single user. This command takes a user email address as "user" input. This is where the training email is sent. The "context" input has four predefined settings:

  • malware: Coach user on malware
  • phishing: Coach user on phishing
  • ransomware: Coach user on ransomware
  • spam: Coach user to avoid spam

Base Command

coach-end-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user | User email address. | Required |
| context | Coaching context. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityAdvisor.CoachUser.coaching_date | string | Time when coaching was sent or completed. |
| SecurityAdvisor.CoachUser.coaching_status | string | User coaching status for context. "Pending" means that coaching has been sent and is pending. "Done" means the user has completed the coaching. |
| SecurityAdvisor.CoachUser.coaching_score | string | User's coaching score (out of 100). |
| SecurityAdvisor.CoachUser.context | string | Coaching context. |

Command Example

coach-end-user user="track@securityadvisor.io" context="phishing"

Context Example

{
    "SecurityAdvisor.CoachUser": {
        "coaching_date": "2019-10-04T21:04:19.480425",
        "coaching_status": "Pending",
        "coaching_score": "",
        "user": "track@securityadvisor.io",
        "context": "phishing",
        "message": "Coaching Sent"
    }
}

SecurityAdvisorBot says...

| coaching_date | coaching_status | coaching_score | user | context | message |
| --- | --- | --- | --- | --- | --- |
| 2019-10-04T21:04:19.480425 | Pending | | track@securityadvisor.io | phishing | Coaching Sent |
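
The conditional coaching rule from use case 4 can be driven by the context output documented above. The following is an added example, not part of the integration's own code: the function names, the strict email pattern, and the choices to skip users whose coaching is still "Pending" and to re-coach on a missing score are assumptions made for illustration.

```python
import re

# The four predefined contexts listed for coach-end-user on this page.
CONTEXTS = {"malware", "phishing", "ransomware", "spam"}
PASS_SCORE = 80  # threshold from use case 4 (score less than 80)
# Deliberately strict address pattern (assumption): no quotes or whitespace,
# so the value cannot break out of the quoted command argument.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def needs_coaching(entry, context):
    """Decide from a SecurityAdvisor.CoachUser entry whether to send coaching."""
    if context not in CONTEXTS:
        raise ValueError(f"unknown coaching context: {context!r}")
    if entry is None or entry.get("context") != context:
        return True  # no record for this context yet
    if entry.get("coaching_status") == "Pending":
        return False  # assumption: do not re-send while coaching is pending
    score = str(entry.get("coaching_score", "")).strip()
    if not score:
        return True  # assumption: "Done" without a score counts as not passed
    try:
        # coaching_score is a string in the context; NaN also fails this check.
        return not (float(score) >= PASS_SCORE)
    except ValueError:
        return True  # unparseable score: coach again


def build_command(user, context):
    """Build the coach-end-user command line after validating both inputs."""
    if not EMAIL_RE.fullmatch(user):
        raise ValueError(f"refusing unsafe or malformed address: {user!r}")
    if context not in CONTEXTS:
        raise ValueError(f"unknown coaching context: {context!r}")
    return f'coach-end-user user="{user}" context="{context}"'


# Constructed sample entries shaped like the Context Example on this page.
PENDING = {"coaching_status": "Pending", "coaching_score": "",
           "user": "track@securityadvisor.io", "context": "phishing"}
LOW = dict(PENDING, coaching_status="Done", coaching_score="65")
HIGH = dict(PENDING, coaching_status="Done", coaching_score="92")

if __name__ == "__main__":
    for name, entry in (("pending", PENDING), ("low", LOW), ("high", HIGH)):
        if needs_coaching(entry, "phishing"):
            print(name, "->", build_command(entry["user"], "phishing"))
        else:
            print(name, "-> no action")
```
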