Integrations are critical to the value you will get out of a SOAR platform. You’ll want a platform that integrates with the security tools you use of course, but not all integrations are created equal, so you’ll also want to ensure that those integrations are feature-rich and don’t require you to do heavy scripting to make them work.
If you’re evaluating SOAR platforms, you’re probably wondering: does D3 SOAR integrate with the tools I use? D3 integrates with more than 260 security tools, so the answer is probably yes. Many of these integrations are certified, feature-rich, and bidirectional, and none of them require client scripting. D3 does all the scripting on our end, so the integrations work right out of the box.
Integrating your tools with D3 is a great way to centralize your security operations, ensure efficient and repeatable workflows, and leverage the power of automation and orchestration in your SOC. Using D3 as your SecOps hub also puts your security alerts through D3’s powerful MITRE ATT&CK correlations, which identify related events to predict adversaries’ next steps.
To make it easy to learn about the integrations that are relevant to you, we’ve collected links to all of our downloadable integration guides in this blog post. Keep in mind, this is not even close to a complete list of D3’s integrations. For more integrations, check our integrations page or send us an email and ask.
D3 has robust, out-of-the-box integrations with all Fortinet tools, including FortiSIEM and FortiGate. D3 can act as the central interface for security operations across Fortinet tools, orchestrating everything from firewall policy management, to SIEM alert enrichment and FortiSandbox malware analysis.
You can find our joint solution guide for Fortinet here.
D3 is a McAfee SIA Partner, with integrations that include Enterprise Security Manager, Advanced Threat Defense, ePolicy Orchestrator, and more. D3 ingests ESM alarms, enriches them with threat intelligence, and runs automation-powered playbooks that orchestrate actions across McAfee tools.
You can find our joint solution guide for McAfee here.
D3 integrates with a wide range of Symantec tools, including Advanced Threat Protection, Endpoint Detection and Response, and Advanced Security Gateway. D3 and Symantec’s joint solution streamlines security operations and incident response workflows from end to end.
You can find our joint solution guide for Symantec here.
D3 integrates with CrowdStrike Falcon tools, including Falcon X, Falcon Streaming API, Falcon Endpoint Protection, and Falcon Sandbox. This gives joint users a powerful command center with which to analyze endpoint alerts, enrich them with threat intelligence, detonate files, and execute endpoint protection actions.
You can find our joint solution guide for CrowdStrike here.
D3’s bidirectional integration with Splunk enables powerful response to notable events with D3’s playbooks, orchestration engine, and MITRE ATT&CK correlations. D3 quickly separates false positives and low-risk events from genuine threats for prioritized response.
You can find our joint solution guide for Splunk here.
D3 integrates with Sentinel, Azure Security Center, Graph API, Exchange, and more to help organizations secure their Azure environments. Microsoft clients benefit from adding D3’s orchestration features to cloud security alerts and phishing email analysis, just to name a few use-cases.
You can find our joint solution guide for Microsoft here. You can find our joint solution guide specifically for Sentinel here.
D3’s integration with Datadog fills the gap between application monitoring and remediation by turning Datadog’s comprehensive information into automation-powered playbooks with full enrichment, orchestrated actions, and proven workflows for everything from cloud service outages to security breaches.
You can find our joint solution guide for Datadog here.
D3’s integration with Chronicle enables a combined analytic and investigative solution that can scale with no added cost. Chronicle is able to ingest third-party threat intelligence and data from across a client’s environment, including their detection tools, EPP, syslog, and more. D3 can use this detailed intelligence to enrich alerts, while querying Chronicle for data to support advanced investigations.
You can find our joint solution guide for Chronicle here.
The combination of Check Point and D3 SOAR provides the SOC with vastly improved visibility, intelligence and agility. Events in Check Point trigger automated playbooks in D3, which gather context from across the security ecosystem. If the event is convicted, D3 will execute the remediation plan, which can be fully or partially automated.
You can find our joint solution guide for Check Point here.
D3 integrates with Elasticsearch, the search and analytics engine at the heart of the Elastic stack. Predefined queries in Elasticsearch can generate alerts that are escalated to D3 for investigation of possible security concerns. D3 can also enrich events from other sources by querying Elasticsearch for additional context.
You can find our joint solution guide for Elasticsearch here.
D3 acts as a unified dashboard for analysis and investigation of LogRhythm events, enriching them with correlated MITRE ATT&CK matrix techniques, threat intelligence, and historical incident data. From D3, LogRhythm users not only benefit from automation and orchestration-powered response workflows, but also robust investigative case management and reporting toolsets.
You can find our joint solution guide for LogRhythm here.
D3 integrates with Carbon Black for improved endpoint protection, threat hunting, and automated incident response. D3 and Carbon Black users benefit from better analysis and time-saving orchestrated actions with minimal context-switching.
You can find our joint solution guide for Carbon Black here.
D3 integrates with the Palo Alto Networks Application Framework, including AutoFocus Threat Intelligence, WildFire Malware Analysis, and Panorama Network Security Management. D3’s dynamic, automation-powered playbooks turn alerts from Palo Alto tools into rapid actions across the application framework, all from a single screen.
You can find our joint solution guide for Palo Alto here.
D3 integrates with numerous Cisco tools, including Threat Grid, Umbrella, Talos, and Firepower Management Center, to centralize and correlate valuable security data and turn it into automated actions across Cisco tools.
You can find our joint solution guide for Cisco here.
D3 integrates with Micro Focus ArcSight ESM to act as a unified dashboard for analysis and investigation of ArcSight ESM events, enriching events with correlated MITRE ATT&CK matrix techniques, threat intelligence, and historical incident data.
You can find our joint solution guide for Micro Focus here.
D3 integrates with HX Agent, NX, Malware Analysis and other FireEye tools. D3 streamlines workflows for FireEye users and increases the value they get from their tools. D3’s integrations across the FireEye suite put alerts, enrichment, file detonation, and orchestrated commands all on one screen.
You can find our joint solution guide for FireEye here.
D3 is a Lastline Technology Alliance Partner. D3’s integration with Lastline brings powerful, AI-based malware analysis, risk scoring, detonation, and threat intelligence into D3’s incident response workflows.
You can find our joint solution guide for Lastline here.
D3’s bidirectional integration with ThreatQ brings intelligence from over 100 aggregated sources into incident reports via automatic or manual lookups. D3 also allows users to contribute suspected threat indicators to ThreatQ’s body of knowledge.
You can find our joint solution guide for ThreatQuotient here.
D3 integrates with both VirusTotal and DomainTools for automated incident enrichment. D3 pre-populates incidents with reputation data and other intelligence to enable at-a-glance analysis.
You can find our joint solution guide for VirusTotal and DomainTools here.
Do you want to see D3 in action? Join us for a 25-minute deep-dive demo and see how our award-winning Security Orchestration, Automation, and Response (SOAR) platform helps security teams accelerate incident response, scale processes, and learn from every incident.