Security Workflow Automation Utility Actions
Replace Your Scripts with Pre-Built Playbook Blocks
Utility actions, also called utility commands, can be used to automate data manipulation, enrichment, and other actions within Smart SOAR. We provide 300+ out-of-the-box security automation utility actions, with the ability to create and customize utility actions with complete flexibility and control.
Custom Utility Commands
In addition to Smart SOAR’s out-of-the-box utility actions, users can also create custom actions via the Command Editor. After configuring custom inputs and outputs, users can implement the command via a Python script or a codeless playbook, whose task nodes can simply be dragged and dropped into a workflow.
The Three Types of Utility Commands
There are three types of utility actions in Smart SOAR: basic, cyber, and system. Basic utility actions enable simple data processing, such as querying or transforming. Cyber utility actions generally focus on enrichment or extraction of information related to artifacts. System utility actions act on system objects, such as incidents, global lists, SLAs, and users.
Use-Cases for Security Orchestration Utilities
Smart SOAR’s utility commands offer a powerful suite of tools for enhancing the incident response process. These security orchestration utilities enable teams to automate and streamline various aspects of incident management, from initial detection to final reporting. Here are three practical applications of these commands that demonstrate their effectiveness in real-world scenarios:
Data Enrichment
Use Check Email Authenticity and Extract Basic Information from Email File to gather more details about a suspicious email.
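As an added illustration of what email data-enrichment utility actions of this kind do (this is example code written for this page, not D3's or Smart SOAR's own implementation of Check Email Authenticity or Extract Basic Information from Email File), the following Python script parses a constructed .eml message, pulls out the basic fields an analyst wants first, and reads the SPF, DKIM and DMARC results from the Authentication-Results header. It only trusts the header stamped by a named authserv-id (assumed here to be mx.example.net), because a sender can include a forged Authentication-Results header of their own; the sample message, addresses and domains are all constructed.

```python
import re
from email import policy
from email.parser import BytesParser

# Constructed sample message for this example: a billing lure with one attachment.
# The first Authentication-Results header is the one the receiving MTA (mx.example.net)
# added; the second was placed in the message by the sender and must not be trusted.
SAMPLE_EML = b"""\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bulk.example.org; dkim=fail header.d=example.com; dmarc=fail header.from=example.com
Authentication-Results: attacker.invalid; spf=pass; dkim=pass; dmarc=pass
From: "Accounts" <billing@example.com>
To: analyst@example.net
Subject: Invoice overdue
Date: Mon, 01 Jan 2024 09:00:00 +0000
Message-ID: <constructed-0001@example.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review your invoice at http://pay.example.org/invoice/123 today.
--b1
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""


def parse_authentication_results(value):
    """Parse one Authentication-Results header value (RFC 8601) into
    (authserv_id, {method: result}). Only spf, dkim and dmarc are kept."""
    parts = [p.strip() for p in value.split(";")]
    authserv_id = parts[0].split()[0] if parts[0] else ""
    results = {}
    for part in parts[1:]:
        m = re.match(r"(spf|dkim|dmarc)\s*=\s*([a-z]+)", part, re.IGNORECASE)
        if m:
            results[m.group(1).lower()] = m.group(2).lower()
    return authserv_id, results


def extract_basic_info(raw):
    """Return the header fields, attachment names and body URLs an analyst
    wants before deciding whether the message needs a closer look."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    sender = msg["From"]
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    return {
        "from_address": sender.addresses[0].addr_spec if sender and sender.addresses else None,
        "to": str(msg["To"]) if msg["To"] else None,
        "subject": str(msg["Subject"]) if msg["Subject"] else None,
        "date": str(msg["Date"]) if msg["Date"] else None,
        "message_id": str(msg["Message-ID"]) if msg["Message-ID"] else None,
        "attachments": [p.get_filename() for p in msg.iter_attachments()],
        "urls": sorted(set(re.findall(r"https?://[^\s\"'<>]+", text))),
    }


def check_email_authenticity(raw, trusted_authserv_id):
    """Collect SPF/DKIM/DMARC results, but only from Authentication-Results
    headers whose authserv-id matches the MTA we trust (hypothetical value
    supplied by the caller); sender-supplied copies are ignored."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv_id, found = parse_authentication_results(str(hdr))
        if authserv_id.lower() == trusted_authserv_id.lower():
            results.update(found)
    return {
        "trusted_authserv_id": trusted_authserv_id,
        "results": results,
        # A DMARC pass already implies an aligned SPF or DKIM pass; anything
        # else (fail, none, or no trusted header at all) is treated as unauthenticated.
        "authenticated": results.get("dmarc") == "pass",
    }


if __name__ == "__main__":
    print(extract_basic_info(SAMPLE_EML))
    print(check_email_authenticity(SAMPLE_EML, "mx.example.net"))
```

Run against the constructed message, the enrichment step reports the sender address, subject, one attachment and one URL, and the authenticity step returns spf=pass, dkim=fail, dmarc=fail with authenticated=False; passing the attacker's authserv-id instead would wrongly yield a clean verdict, which is why the trusted id is a fixed input of the action rather than something read from the message.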
Documentation and Reporting
Add Investigation Table Content and Generate Incident Summary Report can be used to eliminate manual reporting and documentation throughout an investigation.
Analysis and Correlation
Use Correlate Events to find any related events or patterns and Get Related Incidents by Artifact to see if similar artifacts were involved in past incidents.
Get Started with D3
One platform to stop alert overwhelm. Transform how your security team works by focusing its resources on real threats.