Open Integration Framework (OIF)

What is Open Integration Framework?

Open Integration Framework (OIF) is an integration framework created to make integrating tools within a platform run as smoothly as possible. The Open Integration Framework philosophy makes it easier for organizations to connect disparate security tools into a more seamless security remediation workflow. OIF fundamentally changes the way integrations are used within a platform, allowing users to integrate with third-party technologies, develop external connectors and trigger various automated actions with little effort.

Why is OIF important in cybersecurity?

Ease of integration with multiple technologies and third-party products is a vital component of a modern SOC. OIF’s open nature gives users the freedom to connect to any security tool without disrupting the natural workflow of their SecOps. With OIF, there are no limits to the way users can customize, integrate, and adjust their security processes, allowing them to create various integrations, launch various actions, and choose the most optimal workflows.

What are the key benefits of OIF?

OIF allows security teams to gain better control over their security operations, establish the most optimal SecOps workflows, improve their remediation processes, and most importantly - create limitless integrations. These are the most valuable benefits you can extract from OIF:

  • Faster integration development

  • Multiple scripting languages

  • No advanced coding skills required

  • Users can customize their existing integrations and also add new ones

  • Minimal technical knowledge required

  • Built-in and third-party libraries

  • Custom integrations are easily shared among users

  • Advanced incident response capabilities

  • Total control over all your integrations

What kind of actions does Cloud SOAR’s OIF allow you to create?

With Cloud SOAR’s Open Integration Framework, users can add seven different types of color-coded actions to a playbook:

  • Enrichment

  • Scheduled

  • Containment

  • Notification

  • Custom

  • Automatically assigned tasks

  • Machine or user choices

All of these actions can be tailored to the organization's specific requirements.

What is the process of creating an integration with Cloud SOAR’s OIF?

Cloud SOAR allows you to create integrations through the use of Docker containers. When creating an integration, you upload individual action files. You then code each action within its integration action file using one of the supported scripting languages:

  • Perl

  • Python

  • PowerShell

  • Bash

Whichever scripting language you use, the action script is wrapped in a YAML configuration for optimal customizability. Lastly, you choose the Docker container the integration is launched in, which determines the third-party libraries available to your action code.

Utilizing Daemons to optimize the use of automation

Cloud SOAR provides the flexibility necessary to customize and run different types of automated procedures. When users create integrations within Cloud SOAR, the OIF capability allows them to choose an action type labeled “Daemon.” An action of this type runs either as a daemon or as a scheduled process, and it automatically creates incidents correlated with the results returned by a predefined query.
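To make the Daemon pattern concrete, here is an added illustration (not Cloud SOAR or OIF code) of a scheduled action that runs a predefined query over constructed sample events and opens one incident per result, correlating repeat hits to the existing incident instead of duplicating it. The action definition layout, the `Incident` class and the `daemon_tick` function are all assumptions made for this example.

```python
"""Hypothetical Daemon-style action (example only, not Cloud SOAR code)."""
from dataclasses import dataclass, field

# Constructed stand-in for an action-level definition like the one the text
# describes; the field names here are an assumption, not the OIF schema.
ACTION = {
    "name": "failed_login_watch",
    "type": "Daemon",                 # action type named in the text
    "language": "python",
    "schedule": "every 5 minutes",
    "query": {"event": "auth_failure", "min_count": 3},
}

# Constructed sample events, as a log source might return them (RFC 5737 IPs).
SAMPLE_EVENTS = [
    {"event": "auth_failure", "user": "alice", "src_ip": "203.0.113.5"},
    {"event": "auth_failure", "user": "alice", "src_ip": "203.0.113.5"},
    {"event": "auth_failure", "user": "alice", "src_ip": "203.0.113.5"},
    {"event": "auth_failure", "user": "bob", "src_ip": "198.51.100.7"},
    {"event": "auth_success", "user": "carol", "src_ip": "192.0.2.9"},
]


@dataclass
class Incident:
    """Minimal incident record: a correlation key, hit count and raw events."""
    key: str
    count: int = 1
    events: list = field(default_factory=list)


def run_query(events, query):
    """Group matching events by (user, src_ip); keep groups over the threshold."""
    groups = {}
    for e in events:
        if e["event"] != query["event"]:
            continue
        groups.setdefault((e["user"], e["src_ip"]), []).append(e)
    return {k: v for k, v in groups.items() if len(v) >= query["min_count"]}


def daemon_tick(events, incidents):
    """One scheduled run: create or update incidents from the query results."""
    for (user, ip), hits in run_query(events, ACTION["query"]).items():
        key = f"{ACTION['name']}:{user}:{ip}"
        if key in incidents:          # correlate with the existing incident
            incidents[key].count += 1
            incidents[key].events.extend(hits)
        else:
            incidents[key] = Incident(key=key, events=list(hits))
    return incidents
```

Running `daemon_tick` twice on the same events yields a single incident whose count is 2 rather than two duplicate incidents, which is the correlation behaviour the text describes.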

The key differentiators of Cloud SOAR’s OIF

Sumo Logic Cloud SOAR’s Open Integration Framework is an integration framework based on open APIs for defining integrations within the Cloud SOAR Platform. The way Cloud SOAR’s OIF differs from other integration frameworks is that it offers unique capabilities that improve the cybersecurity posture of organizations:

  • Creating integrations from the ground up with minimal programming knowledge required

  • Users can create custom integrations that can be used within playbooks

  • Defining integrations in a text-based format that works at an action level, not as one monolithic file

  • Allowing users to manage complex integrations autonomously by breaking them down into multiple individual actions

  • Providing an open and cooperative ecosystem that allows users to share integrations and playbooks for approaching particular use cases

Automated Responder Knowledge (ARK)

Cloud SOAR’s OIF system relies on ARK, its own machine learning engine. ARK allows Cloud SOAR to apply machine learning to historical data, learn what kind of responses were taken against threats, and recommend playbooks that are most likely to be effective against threats of a similar nature.

With the help of ARK, OIF allows users to:

  • Analyze incoming incidents based on shared indicators and their connection to similar incidents

  • Propose relevant actions and playbooks by relying on its algorithm based on similar and related threats

  • Prioritize threats with higher risk by assigning them to the appropriate team

  • Identify parent incidents and link them together with similar incidents based on demographics
