ITDR
About Orchestrate
The Orchestrate feature enables integration with leading security solutions to forward events, contain threats, and enrich security events.
The Orchestrate feature enables you to:
- Configure condition-based rules to automate workflows, notifications, and response actions using containment integration tools.
- Integrate third-party tools and solutions for event data enrichment, containment of attackers, and analysis of data using security information and event management (SIEM) solutions.
- Configure API tokens for programmatic access, event templates, and service connectors to forward data to SIEM solutions.
About the Orchestrate Menu
On the Orchestrate menu, you can do the following:
- Go to the Rules page to create and manage rules that automate workflows, notifications, and containment in response to threat detection.
- Go to the Enrich page to integrate with various third-party data enrichment solutions to add relevant contextual information to security events and manage security threats efficiently.
- Go to the Containment page to integrate seamlessly with third-party security solutions to isolate active attackers with automated or manual containment.
- Go to the API Tokens page to create and manage API tokens for setting up programmatic access to various functions in the Zscaler ITDR Admin Portal.
- Go to the Event Templates page to create and manage event notification templates.
- Go to the Service Connectors page to create and manage service connectors that forward events and audit logs from the ITDR Admin Portal to the SIEM solution.
- Go to the SIEM Integrations page to integrate third-party SIEM solutions to transmit logs in real time.