In Q2 2025, a European e-commerce giant suffered a supply-chain attack via trojanized DLLs. Manual playbooks in Palo Alto Cortex XSOAR took 4–6 hours per incident.
Silent Push integration collapsed response time to under 15 minutes and enabled fully automated blocking. The deployment blocked 850+ Indicators of Future Attack (IOFA™) across 12 campaigns.
Dual TIP + SOAR Architecture
TIP (MISP): Ingested and normalized Indicators of Future Attack (IOFA™)
SOAR (Cortex XSOAR): Executed two automated playbooks with Silent Push enrichment
Alert-Driven Playbook
SIEM alert → /v2/enrich → Score ≥7 → Auto-block via firewall API
Indicators of Future Attack (IOFA™)-Driven Playbook (Scheduled)
Runs every 3 hours → Pull fresh Indicators of Future Attack (IOFA™) → Enrich → Push blocks to proxy/firewall
Key Technical Details
Enrichment via /v2/enrich
Webhooks used instead of polling
False-positive rate <2%
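The two playbooks above reduce to one decision rule (enrichment score ≥ 7 triggers a block) applied either per SIEM alert or in a scheduled batch over fresh IOFA. The block below is an added example written for this page, not Silent Push's, Palo Alto's or the customer's code: the page names only the /v2/enrich path and the threshold of 7, so the response shape, field names, the `enrich` stand-in, the allowlist and the firewall payload format are all hypothetical, and the sample enrichment data is constructed. It also adds two controls a practitioner would want before auto-blocking: an allowlist guard in front of the threshold (one way to keep false positives low) and an already-blocked set so the scheduled run is idempotent.

```python
"""Decision logic behind an alert-driven and a scheduled IOFA-driven
auto-block playbook. Added example, not vendor or customer code.

Assumed (hypothetical) pieces: the enrichment response shape, the field
names "score" and "campaign", the enrich() stand-in for /v2/enrich, the
allowlist, and the firewall/proxy block payload format.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

BLOCK_THRESHOLD = 7  # from the page: auto-block when score >= 7

# Constructed sample enrichment responses keyed by indicator; they stand in
# for what an enrichment call would return (hypothetical shape).
SAMPLE_ENRICHMENT: Dict[str, dict] = {
    "203.0.113.10":       {"score": 9, "campaign": "campaign-A"},
    "cdn-update.example": {"score": 8, "campaign": "campaign-A"},
    "198.51.100.7":       {"score": 4, "campaign": None},
    "vendor-cdn.example": {"score": 9, "campaign": "campaign-B"},  # allowlisted below
    "192.0.2.55":         {"score": 7, "campaign": "campaign-C"},
}

# Constructed allowlist: business-critical infrastructure that must never be
# auto-blocked regardless of score. This is an assumed control, not from the page.
ALLOWLIST: Set[str] = {"vendor-cdn.example"}


def enrich(indicator: str) -> dict:
    """Hypothetical stand-in for the /v2/enrich call; returns constructed data."""
    return SAMPLE_ENRICHMENT.get(indicator, {"score": 0, "campaign": None})


@dataclass
class BlockAction:
    indicator: str
    score: int
    campaign: Optional[str]
    reason: str


@dataclass
class PlaybookResult:
    blocked: List[BlockAction] = field(default_factory=list)
    skipped: List[BlockAction] = field(default_factory=list)


def decide(indicator: str, enrichment: dict) -> Tuple[bool, str]:
    """Apply the page's rule (score >= 7) with the allowlist checked first."""
    if indicator in ALLOWLIST:
        return False, "allowlisted"
    score = enrichment.get("score", 0)
    if score >= BLOCK_THRESHOLD:
        return True, f"score {score} >= {BLOCK_THRESHOLD}"
    return False, f"score {score} below threshold"


def _action(indicator: str, enrichment: dict, reason: str) -> BlockAction:
    return BlockAction(indicator, enrichment.get("score", 0), enrichment.get("campaign"), reason)


def alert_driven_playbook(siem_alert: dict,
                          enrich_fn: Callable[[str], dict] = enrich) -> PlaybookResult:
    """SIEM alert -> enrich -> score >= 7 -> block. One indicator per alert."""
    result = PlaybookResult()
    indicator = siem_alert["indicator"]
    enrichment = enrich_fn(indicator)
    block, reason = decide(indicator, enrichment)
    (result.blocked if block else result.skipped).append(_action(indicator, enrichment, reason))
    return result


def iofa_driven_playbook(fresh_iofa: List[str], already_blocked: Set[str],
                         enrich_fn: Callable[[str], dict] = enrich) -> PlaybookResult:
    """Scheduled run: fresh IOFA list -> enrich each -> push blocks.

    Indicators already in `already_blocked` are skipped without an API call,
    so re-running every 3 hours does not re-block or re-enrich the same IOFA.
    """
    result = PlaybookResult()
    for indicator in fresh_iofa:
        if indicator in already_blocked:
            continue
        enrichment = enrich_fn(indicator)
        block, reason = decide(indicator, enrichment)
        action = _action(indicator, enrichment, reason)
        if block:
            already_blocked.add(indicator)
            result.blocked.append(action)
        else:
            result.skipped.append(action)
    return result


def push_blocks(result: PlaybookResult) -> List[dict]:
    """Hypothetical firewall/proxy payload; a real integration would POST these."""
    return [{"action": "block", "indicator": a.indicator, "reason": a.reason}
            for a in result.blocked]


if __name__ == "__main__":
    print(push_blocks(alert_driven_playbook({"indicator": "203.0.113.10"})))
    state: Set[str] = set()
    run = iofa_driven_playbook(list(SAMPLE_ENRICHMENT), state)
    print(len(run.blocked), "blocked;", len(run.skipped), "skipped")
```

Of the five constructed indicators, three cross the threshold and are blocked, one falls below it, and one scores high but is allowlisted; a second scheduled run over the same list blocks nothing, because the state set remembers the first run.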
Measured Outcomes
850+ Indicators of Future Attack (IOFA™) automatically blocked
Response time reduced 96%
€2M in transactions protected
SOAR ROI achieved in 3 months
Silent Push’s API became the decision engine that turned raw Indicators of Future Attack (IOFA™) into proactive defense.