Muninn AI Detect & Muninn AI Prevent - Integrations
Generally, we integrate to and from “anything” with our open APIs, as long as the sender or recipient also has open APIs that give access to commands such as “isolate” a device, allow us to import lists of indicators of compromise, or allow us to deliver our fully baked security alerts or even the full flow of all the metadata we generate through our full network protocol analysis. We also integrate with MS365, Azure and AWS, and can be installed on VMware and Hyper-V.
What if there is a product that we have not yet made an integration to?
General Muninn Company Policy on Doing New Integrations
We have decided in advance to give top priority to any new integration requested by our customers or partners. So, if you have a certain type of endpoint software or switching equipment with open APIs that have an “isolate” command, we will do that integration and put it at the top of our development priority list.
Specifically – what are the options for import or export to and from the Muninn AI sensor?
Data from Muninn AI Detect into other systems
Muninn AI Detect sends either the fully baked security alerts or the full flow of the extracted protocol analysis metadata into an external system such as a SIEM or SOAR platform. This is done using standard REST API software, and we have already done many such integrations, for instance into IBM QRadar / Resilient systems and others.
Data from other systems into Muninn AI Detect
You can easily set up Muninn AI Detect to receive your own lists of IoCs (Indicators of Compromise), automatically or manually. This enables you, as a partner or end customer, to add the information or subscriptions you have directly and immediately into the heart of Muninn, upgrading the security to be current and 100% alive. We already insert Indicators of Compromise lists into Muninn AI Detect on a regular basis, but you might have your own that you want to be sure are added.
Muninn AI Prevent integrations to other blocking systems
We have our own agentless, surgical way to block a particular device in real time, without integrations, when it behaves maliciously. This is done by injecting a TCP reset into the communication in the network, which is possible because we are a full recipient of all the network traffic in the network. We have ensured this happens so fast that we respond with a “drop it” command before other devices respond.
Endpoint Software Integrations
Muninn AI Prevent is fully able to use the open APIs found in other software applications like Windows Defender ATP (AV+EDR), Carbon Black, Trend Micro Apex One and many more. The advantage of this approach is that we integrate with software that is already installed. The downside is that it does not cover printers, IoT devices and mobile devices.
Network Equipment Integrations
The “Rolls Royce model” of integrations is to integrate into the network equipment. This is possible when the network uses an equivalent of SDN (Software Defined Networks) or otherwise has an open API that we can integrate with to activate an “isolate” command. This is the “Rolls Royce model” of Muninn AI Prevent because it immediately blocks ALL traffic to and from the maliciously behaving device: not only traffic on devices with agents installed, and not only TCP traffic, but all traffic, including UDP, on all devices, including IoT.