Connectors

Can Coro export data to Security Information/Event Management (SIEM) systems?

Yes, Coro can integrate with Security Information and Event Management (SIEM) solutions. Ticket data is then available in real time within your SIEM platform, so you can get the most value from that data.

Coro currently supports the following integrations:

  • Splunk

  • Microsoft Sentinel

  • Generic webhook integrations

For further information, see Security Information and Event Management (SIEM) integration.

What are the advantages of integrating with a Security Information/Event Management (SIEM)?

A customer can employ a SIEM system for many reasons, including:

Centralized Log Management: SIEM systems collect and store log data from multiple sources in a centralized location, allowing for efficient analysis and investigation of security events.

Real-time Threat Detection: By correlating and analyzing security event data in real time, SIEM can identify and alert security teams to potential threats and malicious activities as they occur.

Incident Response and Forensics: SIEM tools provide valuable insights into security incidents, enabling faster incident response and investigation. They can help identify the root cause of incidents, perform forensic analysis, and support compliance requirements.

Compliance and Audit Support: SIEM solutions assist organizations in meeting regulatory compliance requirements by providing robust log management, monitoring, and reporting capabilities. They help demonstrate adherence to security standards and facilitate audit processes.

Threat Intelligence Integration: Many SIEM systems integrate with external threat intelligence feeds, enriching the analysis with up-to-date information about known threats and indicators of compromise (IOCs).

Operational Efficiency: SIEM streamlines security operations by automating log collection, correlation, and alerting processes. It reduces the time and effort required to identify and respond to security incidents, improving overall operational efficiency.

Scalability and Flexibility: SIEM solutions can handle large volumes of security event data from diverse sources, making them scalable for organizations of varying sizes. They can be customized and adapted to specific security requirements and environments.

How does the Coro Trial state work?

A workspace moves into a Trial state when it is currently in a New state and an onboarding event trigger occurs for the first time, for example, a cloud app is connected, a device is activated, or an inbound gateway is set up.

During the trial period, data is monitored and tickets are generated for both protected and unprotected users. Unlike previously, all tickets will be presented in the Actionboard. Data is monitored and tickets are generated for all devices.

After activation, a workspace remains in a Trial state for a period of 30 days if no endpoint devices are activated.

When an endpoint device is activated within the workspace, the workspace Trial state is extended for an additional 30 days.

For further information, see Coro workspace lifecycle.

How much granularity can be seen inside a Security Information/Event Management (SIEM) instance?

Ticket data is exported to SIEM platforms, so the granularity is at the ticket level.

What data can be transmitted from Coro to a connected Security Information/Event Management (SIEM) platform?

Coro transmits all ticket-related details to the connected SIEM platform. The connected SIEM platform has access to the same ticket information as the console. This information varies depending on the ticket type.

How does generating API credentials within the Coro UI help with security?

Coro allows you to rotate between up to 10 active sets of API credentials. API credential rotation offers enhanced security and mitigates the risk of unauthorized access to sensitive systems and data. By regularly changing API credentials, organizations can limit the exposure window for potential attackers who may have obtained old or compromised credentials. This practice also aligns with security best practices, ensuring that only authorized users or applications have access to critical APIs, reducing the likelihood of security breaches, and enhancing overall data protection and system integrity.

Coro also supports API credential expiry dates. Setting API credential expiration dates provides an additional layer of security and control. It ensures that access permissions are time-limited, reducing the risk of long-term unauthorized access.

For further information, see Creating API credentials.
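
The rotation and expiry practices described above can be checked with a periodic audit of the credential inventory. The following is an added example, not Coro code and not a Coro API: the record fields, the 90-day rotation age, the 14-day warning window and the sample inventory are assumptions; only the limit of 10 active sets comes from this page.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_ACTIVE_SETS = 10                 # limit stated on this page
MAX_AGE = timedelta(days=90)         # assumed rotation policy, not a Coro default
EXPIRY_WARNING = timedelta(days=14)  # assumed warning window

@dataclass
class CredentialSet:                 # hypothetical inventory record
    client_id: str
    created: datetime
    expires: Optional[datetime]      # None means no expiry date was set
    last_used: Optional[datetime]    # None means never used

def audit(creds, now):
    """Return {client_id: [findings]} for credential sets that are still active."""
    active = [c for c in creds if c.expires is None or c.expires > now]
    findings = {}
    for c in active:
        issues = []
        if c.expires is None:
            issues.append("no-expiry")           # access is not time-limited
        elif c.expires - now <= EXPIRY_WARNING:
            issues.append("expiring-soon")       # replace before integrations break
        if now - c.created > MAX_AGE:
            issues.append("rotation-overdue")    # long exposure window if leaked
        if c.last_used is None or now - c.last_used > MAX_AGE:
            issues.append("unused")              # candidate for revocation
        if issues:
            findings[c.client_id] = issues
    if len(active) >= MAX_ACTIVE_SETS:
        # A new set cannot be issued for rotation until an old one is revoked.
        findings["_workspace"] = ["no-free-slot-for-rotation"]
    return findings

def day(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

NOW = day(2024, 6, 1)
SAMPLE = [  # constructed inventory, not real data
    CredentialSet("siem-splunk", day(2024, 5, 1), day(2024, 8, 1), day(2024, 5, 31)),
    CredentialSet("siem-sentinel", day(2024, 1, 1), None, day(2024, 5, 30)),
    CredentialSet("old-script", day(2024, 4, 1), day(2024, 6, 10), None),
    CredentialSet("retired", day(2023, 1, 1), day(2024, 1, 1), None),
]

if __name__ == "__main__":
    for client_id, issues in audit(SAMPLE, NOW).items():
        print(client_id, issues)
```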