Experience Building Demisto & Writing Python Integrations

After about a month of working on the Demisto Security Orchestration, Automation, and Response (SOAR) platform, it was up and running and the analysts were using it in production. When used in conjunction with a well-built SIEM solution, access to endpoints, and paid APIs, it is very powerful, and you can have fewer analysts on shift or have them perform more offensive tasks such as threat hunting.

The support was great. You get your own engineer who will answer any question you have at any moment and can be reached via Slack for lightning-fast response times.

Programmers will love this product, as you can write your own scripts or integrations, which I did. I wrote an integration so that Demisto can automatically open and close tickets in our native ticketing system (ConnectWise). It didn't take too long and was fairly straightforward. I plan on writing some integrations that can automate running log reports in our SIEM (ELK) and automatically upload them to the case that came in, to further automate the analyst task of running a report for the incident time frame.

Building this platform alone was a great learning experience, and I feel no fear of any project after deploying, building, and maintaining this solution. Overall, a great product if everything is running smoothly before it. Lay the foundation before the bells and whistles.