threat stack
Detect and stop exfiltration attempts with F5 Distributed Cloud App Infrastructure Protection
In this article we show one way to use F5 Distributed Cloud App Infrastructure Protection (AIP) to put the "assume breach" principle of the Zero Trust framework into practice and to automate a number of actions, including the threat response, by integrating it with an open-source SIEM/SOAR platform. We demonstrate how Distributed Cloud AIP detects an exfiltration attempt, how the resulting alert is automatically imported into TheHive and converted to a case by Node-RED, and how, once the security analyst resolves the case as a true positive, Node-RED automatically blocks the outgoing connection on the Distributed Cloud platform.
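The two transformations at the heart of that pipeline, an alert becoming a TheHive case and a resolved case becoming a block action, are shown below as plain JavaScript functions of the kind that would sit in Node-RED function nodes. This is an added example, not code from the article or from F5; the alert shape, the `dst:` tag convention and the block-action object are assumptions made for illustration (Distributed Cloud AIP's real alert schema and the Distributed Cloud API calls are not shown here). The case fields (`title`, `description`, `severity`, `tlp`, `tags`) and the `status`/`resolutionStatus` values follow TheHive's case model. The point the example makes is the gate: nothing is blocked until an analyst has closed the case as a true positive.

```javascript
// Added example (not from the article). Alert -> TheHive case -> block action.
// Alert schema, "dst:" tag convention and block-action shape are ASSUMED.

// Constructed sample alert, loosely modelled on a host-based exfiltration
// detection. Field names are an assumption, not Distributed Cloud AIP's schema.
const SAMPLE_ALERT = {
  id: "alert-0001",
  rule: "Large outbound transfer to uncategorised destination",
  severity: "high",
  host: "web-01",
  user: "www-data",
  process: "curl",
  connection: { dst_ip: "203.0.113.42", dst_port: 443, bytes_out: 734003200 },
};

// TheHive severities are integers 1 (low) to 4 (critical).
const SEVERITY = { low: 1, medium: 2, high: 3, critical: 4 };

// Map an alert to a TheHive case body (what a Node-RED node would POST to
// /api/case). The destination is carried in a "dst:<ip>:<port>" tag so the
// response stage can recover it from the case alone.
function alertToCase(alert) {
  const c = alert.connection;
  const mb = (c.bytes_out / 1e6).toFixed(0);
  return {
    title: `[AIP] ${alert.rule} on ${alert.host}`,
    description: [
      `Rule: ${alert.rule}`,
      `Host: ${alert.host}  User: ${alert.user}  Process: ${alert.process}`,
      `Destination: ${c.dst_ip}:${c.dst_port}  Bytes out: ${mb} MB`,
      `Source alert id: ${alert.id}`,
    ].join("\n"),
    severity: SEVERITY[alert.severity] ?? 2, // unknown severity -> medium
    tlp: 2,                                   // TLP:AMBER
    tags: ["aip", "exfiltration", `dst:${c.dst_ip}:${c.dst_port}`],
  };
}

// Decide whether a case update should trigger the block. Only a case the
// analyst has closed as Resolved / TruePositive does; an open case, a false
// positive or a case with no destination tag yields null (no action).
function caseToBlockAction(theCase) {
  if (theCase.status !== "Resolved" || theCase.resolutionStatus !== "TruePositive") {
    return null;
  }
  const tag = (theCase.tags || []).find((t) => t.startsWith("dst:"));
  if (!tag) return null;
  const [ip, port] = tag.slice(4).split(":"); // IPv4 only in this example
  // Hypothetical shape of the outbound-block request sent to the platform.
  return { action: "block_outbound", dst_ip: ip, dst_port: Number(port), case: theCase.title };
}

// Node-RED style glue: a webhook event carrying the updated case. The event
// shape (object + details) is an assumption for this example.
function handleCaseWebhook(event) {
  const merged = { ...event.object, ...event.details };
  return caseToBlockAction(merged);
}

// Stand-alone demo of the two paths.
const demoCase = alertToCase(SAMPLE_ALERT);
console.log(handleCaseWebhook({ object: demoCase, details: { status: "Open" } }));
console.log(handleCaseWebhook({
  object: demoCase,
  details: { status: "Resolved", resolutionStatus: "TruePositive" },
}));
```

In a real deployment the first function feeds an HTTP request node that creates the case, and the second sits behind a TheHive webhook so that the block request is only sent after the analyst's decision; everything else (false positives, cases still under investigation) falls through as a no-op.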