
ProACT MXDR Integration and Standard Operating Procedures

Your Complete Resource for ProACT MXDR Integration and Security Optimization

This resource offers comprehensive instructions and best practices for integrating and managing our Managed Extended Detection and Response (MXDR), MDR, in-house SOC, and SIEM solutions.

Leveraging our expertise, we’ve developed top-tier resources adhering to the highest standards, including:

Detailed Documentation

In-depth guides for seamless integration.

Step-by-Step Instructions

Clear processes to enhance your security operations.

Tailored Procedures

Custom SOPs for optimal performance of your threat detection solutions.

These guidelines are invaluable for organizations using MDR, in-house SOC, or SIEM solutions.

ProACT MXDR Standard Operating Procedures: From Integration to Enhanced Threat Detection

Details Covered in SOP Documents:

  • Integration prerequisites
  • Integration method (push or pull)
  • Sample logs for the expected log types, for better threat analysis
  • Vendor reference links

Benefits of SOP for Cybersecurity Teams:

  • Ensures the right data sources (logs) are onboarded for threat analysis
  • Reduces the risk of misconfiguration
  • Enhances threat detection
  • Improves compliance and audit readiness

Accelerate Time to Value with Integration and Scalability

Learn about the key SOPs and best practices for successfully deploying MXDR in your organization. Each row below corresponds to one SOP document.
Sl. No | Vendor | Category | Sub-Category | Integration Method
1 | Thycotic | Access Mgmt | Privileged Access Management (PAM) | Push method (via syslog service)
2 | BeyondTrust | Access Mgmt | Privileged Access Management (PAM) | Push method (via syslog service)
3 | CyberArk | Access Mgmt | Privileged Access Management (PAM) | Push method (via syslog service)
4 | McAfee | Endpoint | Antivirus | Push method (via syslog service)
5 | Trend Micro | Endpoint | Endpoint Detection and Response (EDR) | Push method (via syslog service)
6 | Seqrite | Endpoint | Antivirus | Push method (via syslog service)
7 | Trend Micro | Endpoint | Antivirus | Push method (via syslog service)
8 | Trend Micro | Endpoint | Antivirus | Push method (via syslog service)
9 | Trend Micro | Network Mgmt | Email Solution | Push method (via syslog service)
10 | Palo Alto | Endpoint | XDR | Push method (via syslog service)
11 | Symantec | Endpoint | Antivirus | Push method (via syslog service)
12 | Symantec | Endpoint | Endpoint Detection and Response (EDR) | Push method (via syslog service)
13 | Trend Micro | Network Mgmt | Antispam | Push method (via syslog service)
14 | Sophos | Endpoint | Endpoint Detection and Response (EDR) | Pull method (via API)
15 | Kaspersky | Endpoint | Antivirus | Push method (via syslog service)
16 | Symantec | Endpoint | Data Loss Prevention (DLP) | Push method (via syslog service)
17 | Sophos | Endpoint | Endpoint Detection and Response (EDR) | Pull method (via API)
18 | Zeek | Network Mgmt | Network Monitoring | Push method (via Filebeat agent)
19 | SentinelOne | Endpoint | Endpoint Detection and Response (EDR) | Push method (via syslog service)
20 | F5 | Network Mgmt | Web Application Firewall (WAF) | Push method (via syslog service)
21 | Barracuda | Network Mgmt | Web Application Firewall (WAF) | Push method (via syslog service)
22 | Imperva | Network Mgmt | Web Application Firewall (WAF) | Push method (via syslog service)
23 | FortiWeb | Network Mgmt | Web Application Firewall (WAF) | Push method (via syslog service)
24 | Amazon | Cloud services | WAF | Pull method (via S3 bucket)
25 | Amazon | Cloud services | PostgreSQL | Pull method (via S3 bucket)
26 | Amazon | Cloud services | ALB | Pull method (via S3 bucket)
27 | Amazon | Cloud services | Kubernetes | Pull method (via S3 bucket)
28 | Amazon | Cloud services | ELB | Pull method (via S3 bucket)
29 | Amazon | Cloud services | RDS | Pull method (via S3 bucket)
30 | Amazon | Cloud services | S3 | Pull method (via S3 bucket)
31 | Amazon | Cloud services | S3 | Pull method (via S3 bucket)
32 | Amazon | Cloud services | ClamAV | Pull method (via S3 bucket)
33 | Amazon | Cloud services | Config | Pull method (via S3 bucket)
34 | Cloudflare | DDoS | Cloudflare | Pull method (via S3 bucket)
35 | Amazon | Cloud services | VPC | Pull method (via S3 bucket)
37 | Amazon | Cloud services | Aurora | Pull method (via S3 bucket)
38 | Amazon | Cloud services | Route 53 | Pull method (via S3 bucket)
39 | Azure | Cloud services | WAF | Pull method (via Event Hub)
40 | Azure | Cloud services | SQL | Pull method (via Event Hub)
41 | Azure | Cloud services | Azure Active Directory | Pull method (via Event Hub)
42 | Azure | Cloud services | PostgreSQL | Pull method (via Event Hub)
43 | Azure | Cloud services | Application Gateway | Pull method (via Event Hub)
44 | Azure | Email Security | O365 | Pull method (via Event Hub)
45 | Microsoft | EDR | Defender | Pull method (via Event Hub)
46 | Microsoft | Cloud services | Defender for Cloud | Pull method (via Event Hub)
47 | Azure | Cloud services | Sentinel | Pull method (via Event Hub)
48 | GCP | Cloud services | Cisco Umbrella | Pull method (via Pub/Sub)
49 | GCP | Cloud services | Activity | Pull method (via Pub/Sub)
50 | Email Security | Messaging | Google Workspace | Pull method (via Pub/Sub)
51 | GCP | Cloud services | Audit | Pull method (via Pub/Sub)
52 | GCP | Cloud services | IAM | Pull method (via Pub/Sub)
53 | GCP | Cloud services | Kubernetes | Pull method (via Pub/Sub)
54 | GCP | Cloud services | SQL | Pull method (via Pub/Sub)
55 | Microsoft | Container Security | Defender | Pull method (via Pub/Sub)
56 | Oracle | Middleware | Database | Pull method (via JDBC plugin)
57 | MongoDB | Middleware | Database | Push method (via syslog service)
58 | MySQL | Middleware | Database | Push method (via Filebeat agent)
59 | MSSQL | Middleware | Database | Pull method (via JDBC plugin)
60 | MariaDB | Middleware | Database | Push method (via syslog service)
61 | PostgreSQL | Middleware | Database | Push method (via Filebeat agent)
62 | MariaDB | Middleware | Database | Push method (via Filebeat agent)
63 | DataSunrise | Middleware | Database | Push method (via syslog service)
64 | VMware | Hypervisor | VMware | Push method (via syslog service)
65 | VMware | Hypervisor | ESXi | Push method (via syslog service)
66 | Squid | Application Security | Web Server | Push method (via Filebeat agent)
67 | Apache | Application Security | Web Server | Push method (via Filebeat agent)
68 | Azure | Application Security | IIS | Push method (via Filebeat agent)
69 | GitHub | Middleware | Web Repository | Push method (via Filebeat agent)
70 | FortiGate | Network Mgmt | Firewall | Push method (via syslog service)
71 | Fortinet | Network Mgmt | Firewall | Push method (via syslog service)
72 | SonicWall | Network Mgmt | Firewall | Push method (via syslog service)
73 | Sophos | Network Mgmt | Firewall | Push method (via syslog service)
74 | Cisco | Network Mgmt | Firewall | Push method (via syslog service)
75 | Cisco | Network Mgmt | Firewall | Push method (via syslog service)
76 | Symantec | Network Mgmt | Firewall | Push method (via syslog service)
77 | Juniper | Network Mgmt | Firewall | Push method (via syslog service)
78 | Check Point | Network Mgmt | Firewall | Push method (via syslog service)
79 | Palo Alto | Network Mgmt | Firewall | Push method (via syslog service)
80 | Trend Micro | Network Mgmt | Firewall | Push method (via syslog service)
81 | F5 | Network Mgmt | Firewall | Push method (via syslog service)
82 | FortiNAC | Network Mgmt | Firewall | Push method (via syslog service)
83 | Kaspersky | Network Mgmt | Firewall | Push method (via syslog service)
84 | Cisco | Network Mgmt | Firewall | Push method (via syslog service)
85 | Hillstone | Network Mgmt | Firewall | Push method (via syslog service)
86 | ESET | Network Mgmt | Firewall | Push method (via syslog service)
87 | FireEye | Network Mgmt | Firewall | Push method (via syslog service)
88 | FortiGate | Network Mgmt | Firewall | Push method (via syslog service)
89 | Fortinet | Network Mgmt | Switch | Push method (via syslog service)
90 | Sophos | Network Mgmt | Intrusion Prevention System (IPS) | Push method (via syslog service)
91 | Fortinet | Network Mgmt | Intrusion Prevention System (IPS) | Push method (via syslog service)
92 | Check Point | Network Mgmt | Intrusion Prevention System (IPS) | Push method (via syslog service)
93 | Suricata | Network Mgmt | Intrusion Prevention System (IPS) | Push method (via syslog service)
94 | Citrix | Network Mgmt | Load Balancer | Push method (via syslog service)
95 | A10 | Network Mgmt | Load Balancer | Push method (via syslog service)
96 | VMware | Network Mgmt | Appliance | Push method (via syslog service)
97 | Dell | Network Mgmt | Appliance | Push method (via syslog service)
98 | Dell | Network Mgmt | Appliance | Push method (via syslog service)
99 | Juniper | Network Mgmt | Switch | Push method (via syslog service)
100 | Cisco | Network Mgmt | Switch | Push method (via syslog service)
101 | Cisco | Network Mgmt | Router | Push method (via syslog service)
102 | Aruba | Network Mgmt | Switch | Push method (via syslog service)
103 | Dell | Network Mgmt | Switch | Push method (via syslog service)
104 | Netgear | Network Mgmt | Switch | Push method (via syslog service)
105 | Cisco | Network Mgmt | Appliance | Push method (via syslog service)
106 | Cisco | Network Mgmt | Switch | Push method (via syslog service)
107 | Huawei | Network Mgmt | Switch | Push method (via syslog service)
108 | Huawei | Network Mgmt | Appliance | Push method (via syslog service)
109 | Huawei | Network Mgmt | Router | Push method (via syslog service)
110 | Kemp | Network Mgmt | Appliance | Push method (via syslog service)
111 | Huawei | Network Mgmt | Appliance | Push method (via syslog service)
112 | HAProxy | Network Mgmt | Appliance | Push method (via syslog service)
113 | Trend Micro TippingPoint | Network Mgmt | Intrusion Prevention System (IPS) | Push method (via syslog service)
114 | Microsoft | Operating System | Windows | Push method (via Filebeat agent)
115 | Ubuntu | Operating System | Linux | Push method (via Filebeat agent)
116 | Microsoft | Operating System | Active Directory | Push method (via Winlogbeat agent)
117 | Microsoft | Operating System | DNS | Push method (via Winlogbeat agent)
118 | Ubuntu | Operating System | Linux | Push method (via syslog service)
119 | Ubuntu | Operating System | Linux | Push method (via Auditbeat agent)
120 | IBM | Operating System | AIX | Push method (via syslog service)
121 | FutureX | Security Appliance | Hardware Security Module (HSM) | Push method (via syslog service)
122 | Dell | Security Appliance | Hardware Security Module (HSM) | Push method (via syslog service)
123 | Nginx | Application Security | Web Server | Push method (via Filebeat agent)
