D3 has been recognized by industry analyst firms for its case and investigation management features. We help your SOC maintain detailed records of your security incidents, including time-stamped details and actions taken to resolve them. Our Smart SOAR platform helps you proactively manage incidents, with the ability to capture, search, and analyze information.
D3 automatically groups together related events, preventing redundant work and enabling deeper and more efficient investigations.
Conduct investigations of every type. Log relevant details and evidence around a case. Build a team of investigators, store digital artifacts, assign tasks by priority, and more. Explore the links between entities, artifacts, events, and stakeholders in an interactive data visualization. Log incidents, analyst summaries, evidence, actions taken, recommendations, expenses, and other granular details from the lifecycle of an incident, with everything time-stamped, to support legal and regulatory compliance.
Collaborate with cross-functional teams on a case, breaking down an investigation into sub-tasks that can be assigned to members of the investigation team. Analysts can submit notes, interviews, and other time-stamped artifacts to document and manage a case as its scope grows and evolves. The instant messaging and email interface built into the Case Management module helps improve collaboration and speed up incident response times.
D3 maintains a provable chain of custody (a record of possession, location, etc.) for both digital and physical artifacts collected during an investigation. This ensures that the data collected during an investigation is auditable and valuable during eDiscovery. For physical items, analysts can record details in custom fields, such as the make, model, serial number, inventory location, and photographs of the evidence.
Build compliance forms right into the investigation dashboard. Configure them to the specific needs and use cases of your organization. Demonstrate compliance with a full audit trail of actions, from case preparation to resolution, with date- and time-stamped records of the investigation. A fully documented chain of custody supports role-based access, enabling analysts to work on cases involving insider threats without compromising confidentiality.