Halo Cortex is the fastest way for you to start building out your security automation workflows – with minimal impact on development cycles. Halo Cortex helps you make the transition to DevSecOps faster and easier utilizing a centralized set of coordinated integration tools and services that rapidly integrate Halo into your existing CI/CD toolchain.
Halo Cortex was purpose-built for DevOps: many of the tools included are delivered as Docker containers that can be easily transitioned into the toolset you’re already using. Cortex combines many of your most common integrations into one easy-to-implement package and also allows you to interact with Halo through Slack.
As a Halo user, Cortex is readily available to you. You can use Cortex as-is, or your team can extend its functionality by customizing it to meet your specific organizational needs.
Donbot allows users to interact with Halo within the Slack application and supports a number of different interactions just by switching to the #halo channel. Donbot can manage a rolling IP blacklist and workload quarantine, and it notifies you of critical events in your Halo account by placing them in-channel.
This asynchronous task manager allows multiple users (via Donbot) to interact simultaneously with Halo and prevents long-running queries and reports from interrupting or delaying any user interaction.
Firewall-Graph runs on-demand, generating graphical representation of a specific Halo group’s firewall policy.
This component runs daily and ships all scan data from Halo modules to S3 for long-term storage or further analysis. You can use this functionality to meet long-term compliance needs or for deep analysis of historical security information.
This component runs daily and ships all events, from all modules, from your Halo account to AWS S3 for long-term storage or for further analysis. Similarly to Scans-to-S3 you can use this tool to facilitate deep analysis of historical security data.
EC2-Halo-Delta runs on-demand and creates a CSV file containing a list of all EC2 instances across your AWS accounts that are not protected by a CloudPassage Halo agent. Use Donbot to pull a container image that can be repurposed and run as a daily task from your existing CI tool. CSVs can be delivered to specific Slack groups based on the unprotected instances’ attributes, e.g. AWS account membership, VPC location, regional location, SSH key used in provisioning.
“Halo Cortex is available as community-supported, open-source software under the BSD license. CloudPassage offers support for Halo Cortex alongside CloudPassage Halo.”