Jan 29 2021 04:10 AM
Hi Guys,
I need to integrate MCAS with Demisto (SOAR). We have Splunk as SIEM tool in our environment.
Should I integrate MCAS with Splunk first and then to Demisto (so that all logs first go to SIEM and then to Demisto) or directly integrate MCAS with Demisto?
Need assistance to know what should be best approach and what will be the advantages over the other.