
ProACT MXDR Integration and Standard Operating Procedures

Your Complete Resource for ProACT MXDR Integration and Security Optimization
This resource provides instructions and best practices for integrating log sources with, and operating, ProACT Managed Extended Detection and Response (MXDR). The same procedures apply to MDR, in-house SOC and SIEM deployments.
It includes:

Detailed Documentation
In-depth guides for seamless integration.

Step-by-Step Instructions
Clear processes to enhance your security operations.

Tailored Procedures
Custom SOPs for optimal performance of your threat detection solutions.
These guidelines are equally useful for organizations running MDR, an in-house SOC, or a SIEM.
ProACT MXDR Standard Operating Procedures: From Integration to Enhanced Threat Detection

Details Covered in SOP Documents:
- Integration prerequisites
- Integration method (push or pull)
- Sample events for the expected log types, to support threat analysis
- Vendor reference links

Benefits of SOP for Cybersecurity Teams:
- Ensuring the right data sources (logs) reach the platform for threat analysis
- Reducing the risk of misconfiguration
- Enhancing threat detection
- Improving compliance and audit readiness
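A first check after onboarding, whichever integration method an SOP prescribes, is whether every expected source is actually delivering data. The Python script below is an added example written for this page, not ProACT's own tooling: push (syslog) sources are judged by the newest syslog header received from their hostname, pull (API) sources by the collector's last successful poll, and any syslog sender that is not in the inventory is flagged as a likely misconfiguration (a device pointed at the collector by mistake, or a host spoofing a source name). The inventory, hostnames, thresholds and log lines are constructed for the demo; the log lines follow only the RFC 5424 and RFC 3164 header layouts and are not vendor-specific formats.

```python
"""Log-source health check for push (syslog) and pull (API) integrations.

Added example for this page; the inventory, hostnames, thresholds and log
lines are constructed for the demo and are not from any vendor SOP.
"""
import re
from datetime import datetime, timedelta, timezone

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME ...
RFC5424 = re.compile(r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) ")
# RFC 3164 (BSD) header: <PRI>Mmm dd HH:MM:SS HOSTNAME TAG[pid]: ...
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:\[ ]+)"
)


def parse_syslog(line, year):
    """Return (timestamp, hostname, app) for a syslog line, or None.

    RFC 3164 timestamps carry no year or zone, so the caller supplies the
    year and the zone is assumed to be UTC (assumption; adjust per device).
    """
    m = RFC5424.match(line)
    if m:
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        return ts, m["host"], m["app"]
    m = RFC3164.match(line)
    if m:
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        return ts.replace(tzinfo=timezone.utc), m["host"], m["app"]
    return None


def check_sources(inventory, syslog_lines, poll_state, now):
    """Classify each inventoried source as OK, SILENT or NEVER_SEEN.

    inventory    : dicts with name, host (push only), method, max_silence_min
    syslog_lines : raw lines the collector received (push sources)
    poll_state   : name -> datetime of last successful poll (pull sources)
    Syslog senders missing from the inventory are reported as
    UNEXPECTED_SENDER so a misdirected or spoofing host is not ignored.
    """
    push_hosts = {s["host"] for s in inventory if s["method"] == "push-syslog"}
    last_seen, unexpected = {}, set()
    for line in syslog_lines:
        parsed = parse_syslog(line, now.year)
        if parsed is None:
            continue  # unparseable; a real collector would count these too
        ts, host, _app = parsed
        if host not in push_hosts:
            unexpected.add(host)
        elif host not in last_seen or ts > last_seen[host]:
            last_seen[host] = ts

    report = {}
    for s in inventory:
        if s["method"] == "push-syslog":
            seen = last_seen.get(s["host"])
        elif s["method"] == "pull-api":
            seen = poll_state.get(s["name"])
        else:
            report[s["name"]] = "UNKNOWN_METHOD"
            continue
        if seen is None:
            report[s["name"]] = "NEVER_SEEN"
        elif now - seen > timedelta(minutes=s["max_silence_min"]):
            report[s["name"]] = "SILENT"
        else:
            report[s["name"]] = "OK"
    for host in sorted(unexpected):
        report[f"unexpected:{host}"] = "UNEXPECTED_SENDER"
    return report


# --- constructed demo data (not real devices or events) ---------------------
NOW = datetime(2024, 5, 1, 10, 30, tzinfo=timezone.utc)
INVENTORY = [
    {"name": "fw-edge", "host": "fw-edge-01", "method": "push-syslog", "max_silence_min": 5},
    {"name": "pam", "host": "pam-01", "method": "push-syslog", "max_silence_min": 60},
    {"name": "edr-cloud", "host": None, "method": "pull-api", "max_silence_min": 15},
    {"name": "m365", "host": None, "method": "pull-api", "max_silence_min": 30},
]
SYSLOG_LINES = [
    "<134>1 2024-05-01T10:28:12+00:00 fw-edge-01 fwlog - - - action=deny src=10.0.0.5",
    "<14>May  1 09:10:02 pam-01 pamd[221]: session opened for user admin",
    "<13>May  1 10:29:00 unknown-box-9 sshd[10]: Accepted password for root",
    "not a syslog line at all",
]
POLL_STATE = {"edr-cloud": NOW - timedelta(minutes=3)}  # m365 has never polled


def run_demo():
    return check_sources(INVENTORY, SYSLOG_LINES, POLL_STATE, NOW)


if __name__ == "__main__":
    for name, status in run_demo().items():
        print(f"{name:28s} {status}")
```

Run stand-alone, the demo reports the firewall and the EDR feed as OK, the PAM appliance as SILENT (its last event is older than its 60-minute threshold), the never-polled mailbox source as NEVER_SEEN, and the stray host as UNEXPECTED_SENDER. A SILENT push source is most often a blocked path or a changed destination on the device, but plain UDP syslog also drops events silently under load, so where a vendor supports it prefer TCP or TLS (RFC 5425) transport before trusting a source's silence as "nothing happened".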
Accelerate Time to Value with Integration and Scalability
Learn about the key SOPs and best practices for successfully deploying MXDR in your organization.
The SOP document for each entry is available after login.

Sl. No. | Vendor | Category | Sub-Category | Integration Method
---|---|---|---|---
1 | Thycotic | Access Management | Privileged Access Management (PAM) | Push method (Syslog)
2 | BeyondTrust | Access Management | Privileged Access Management (PAM) | Push method (Syslog)
3 | CyberArk | Access Management | Privileged Access Management (PAM) | Push method (Syslog)
4 | Trellix | Antivirus | Antivirus (ePO, formerly McAfee ePO) | Push method (Syslog)
5 | Trend Micro | Antivirus | Apex One | Push method (Syslog)
6 | Seqrite | Antivirus | Antivirus | Push method (Syslog)
7 | Trend Micro | XDR | Vision One | Push method (Syslog)
8 | Trend Micro | EDR | Deep Security | Push method (Syslog)
9 | Trend Micro | Messaging | Email Solution | Push method (Syslog)
10 | Palo Alto Networks | XDR | Extended Detection and Response (Cortex XDR) | Push method (Syslog)
11 | Symantec | Antivirus | Endpoint Protection Manager | Push method (Syslog)
12 | Symantec | EDR | Endpoint Detection and Response (EDR) | Push method (Syslog)
13 | Trend Micro | Messaging | Antispam | Push method (Syslog)
14 | Sophos | EDR | Endpoint Detection and Response (EDR) | Pull method (API)
15 | Kaspersky | Antivirus | Antivirus | Push method (Syslog)
16 | Symantec | DLP | Data Loss Prevention (DLP) | Push method (Syslog)
17 | Zeek | Network | Network Detection and Response (NDR) | Push method (Agent)
18 | SentinelOne | EDR | Endpoint Detection and Response (EDR) | Push method (Syslog)
19 | F5 | Application Security | Web Application Firewall (WAF) | Push method (Syslog)
20 | Barracuda | Application Security | Web Application Firewall (WAF) | Push method (Syslog)
21 | Imperva | Application Security | Web Application Firewall (WAF) | Push method (Syslog)
22 | Fortinet | Application Security | Web Application Firewall (FortiWeb) | Push method (Syslog)
23 | Amazon | Cloud services | WAF | Push method
24 | Amazon | Cloud services | PostgreSQL | Push method
25 | Amazon | Cloud services | ALB | Push method
26 | Amazon | Cloud services | Kubernetes | Push method
27 | Amazon | Cloud services | ELB | Pull method
28 | Amazon | Cloud services | RDS | Pull method
29 | Amazon | Cloud services | S3 | Pull method
30 | Amazon | Cloud services | S3 | Pull method
31 | Amazon | Cloud services | ClamAV | Pull method
32 | Amazon | Cloud services | Config | Pull method
33 | Cloudflare | DDoS | Cloudflare WAF / DNS | Pull method
34 | Amazon | Cloud services | VPC | Pull method
35 | Amazon | Cloud services | Aurora | Pull method
37 | Amazon | Cloud services | Route 53 | Pull method
38 | Azure | Cloud services | WAF | Pull method
39 | Azure | Cloud services | SQL | Pull method
40 | Azure | Cloud services | Azure Active Directory (Entra ID) | Pull method
41 | Azure | Cloud services | PostgreSQL | Pull method
42 | Microsoft | Messaging | Microsoft 365 (O365) | Pull method
43 | Microsoft | EDR | Defender for Endpoint (M365) | Pull method
44 | Azure | Cloud services | Defender for Cloud | Pull method
45 | Azure | Cloud services | Sentinel | Pull method
46 | Cisco | Cloud services | Umbrella | Pull method
47 | GCP | Cloud services | Activity | Pull method
48 | Google | Messaging | Google Workspace | Pull method
49 | GCP | Cloud services | Audit | Pull method
50 | GCP | Cloud services | IAM | Pull method
51 | GCP | Cloud services | Kubernetes | Pull method
52 | GCP | Cloud services | SQL | Pull method
53 | Microsoft | Container Security | Defender | Pull method
54 | Oracle | Middleware | Database | Push method (Syslog)
55 | MongoDB | Middleware | Database | Push method (Syslog)
56 | MySQL | Middleware | Database | Push method (Agent)
57 | MSSQL | Middleware | Database | Pull method
58 | MariaDB | Middleware | Database | Push method (Syslog)
59 | PostgreSQL | Middleware | Database | Push method (Agent)
60 | MariaDB | Middleware | Database | Push method (Agent)
61 | DataSunrise | Middleware | Database | Push method (Syslog)
62 | VMware | Hypervisor | VMware | Push method (Syslog)
63 | VMware | Hypervisor | ESXi | Push method (Syslog)
64 | Squid | Network | Proxy | Push method (Agent)
65 | Apache | Application Security | Web Server | Push method (Agent)
66 | Microsoft | Application Security | IIS | Push method (Agent)
67 | GitHub | Cloud services | Code Repository | Push method (Agent)
68 | Fortinet | Network | Firewall (FortiGate) | Push method (Syslog)
69 | Fortinet | Network | Firewall | Push method (Syslog)
70 | SonicWall | Network | Firewall | Push method (Syslog)
71 | Sophos | Network | Firewall | Push method (Syslog)
72 | Cisco | Network | Firewall | Push method (Syslog)
73 | Cisco | Network | Firewall | Push method (Syslog)
74 | Symantec | Network | Firewall | Push method (Syslog)
75 | Juniper | Network | Firewall | Push method (Syslog)
76 | Check Point | Network | Firewall | Push method (Syslog)
77 | Palo Alto Networks | Network | Firewall | Push method (Syslog)
78 | Trend Micro | Network | Firewall | Push method (Syslog)
79 | F5 | Network | Firewall | Push method (Syslog)
80 | Fortinet | Network | Network Access Control (FortiNAC) | Push method (Syslog)
81 | Kaspersky | Network | Firewall | Push method (Syslog)
82 | Cisco | Network | Firewall | Push method (Syslog)
83 | Hillstone | Network | Firewall | Push method (Syslog)
84 | ESET | Network | Firewall | Push method (Syslog)
85 | Cisco | Network | Firewall (Firepower) | Push method (Syslog)
86 | Fortinet | Network | Firewall (FortiGate) | Push method (Syslog)
87 | Fortinet | Network | Switch | Push method (Syslog)
88 | Sophos | Network | Intrusion Prevention System (IPS) | Push method (Syslog)
89 | Fortinet | Network | Intrusion Prevention System (IPS) | Push method (Syslog)
90 | Check Point | Network | Intrusion Prevention System (IPS) | Push method (Syslog)
91 | Suricata | Network | Intrusion Prevention System (IPS) | Push method (Syslog)
92 | Citrix | Network | Load Balancer | Push method (Syslog)
93 | A10 | Network | Load Balancer | Push method (Syslog)
94 | VMware | Network | SD-WAN | Push method (Syslog)
95 | Dell | Network | IDPA | Push method (Syslog)
96 | Dell | Network | Switch | Push method (Syslog)
97 | Juniper | Network | Switch | Push method (Syslog)
98 | Cisco | Network | Switch | Push method (Syslog)
99 | Cisco | Network | Router | Push method (Syslog)
100 | Aruba | Network | Switch | Push method (Syslog)
101 | Dell | Network | Switch | Push method (Syslog)
102 | Netgear | Network | Switch | Push method (Syslog)
103 | Cisco | Network | Identity Services Engine (ISE) | Push method (Syslog)
104 | Cisco | Network | Switch | Push method (Syslog)
105 | Huawei | Network | Switch | Push method (Syslog)
106 | Huawei | Network | Unified Security Gateway (USG) | Push method (Syslog)
107 | Huawei | Network | Router | Push method (Syslog)
108 | Kemp | Network | LoadMaster | Push method (Syslog)
109 | Huawei | Network | Agile Controller | Push method (Syslog)
110 | HAProxy | Network | Proxy | Push method (Syslog)
111 | Trend Micro | Network | TippingPoint (IPS) | Push method (Syslog)
112 | Microsoft | Operating System | Windows | Push method (Agent)
113 | Ubuntu | Operating System | Linux | Push method (Agent)
114 | Microsoft | Operating System | Active Directory | Push method (Agent)
115 | Microsoft | Operating System | DNS | Push method (Agent)
116 | Ubuntu | Operating System | Linux | Push method (Syslog)
117 | Ubuntu | Operating System | Linux | Push method (Agent)
118 | IBM | Operating System | AIX | Push method (Syslog)
119 | Futurex | HSM | Hardware Security Module (HSM) | Push method (Syslog)
120 | Dell | HSM | Hardware Security Module (HSM) | Push method (Syslog)
121 | Nginx | Application Security | Web Server | Push method (Agent)