By integrating D3 Smart SOAR (Security Orchestration, Automation, and Response) with Stellar Cyber Open XDR, organizations can create a seamless incident response workflow that minimizes time to containment and enables better decision-making. This article outlines how the integration works and how it can be complemented by other remediation tools.
“Combining Stellar Cyber’s Open XDR capabilities with Smart SOAR’s automated response creates an end-to-end incident response environment where analyst teams can successfully manage the firehose of alerts they’re facing,” said Andrew Homer, Vice President of Strategic Alliances at Stellar Cyber.
Smart SOAR can automate the initial response steps by fetching events and incidents directly from Stellar Cyber via the API. The ‘Fetch Event’ and ‘Get Event Details’ functions within Smart SOAR retrieve raw events and specific details about those events. This is crucial for rapid threat detection.
Moreover, the ‘Fetch Incident’ and ‘Search Incidents’ API calls enable Smart SOAR to pull existing incident reports from Stellar Cyber, which can then be managed and tracked through Smart SOAR. This ensures that the incident response process is comprehensive and that no critical incident is overlooked.
As Smart SOAR takes action on these events and incidents, it is essential to maintain consistency between the two systems. The ‘Update Events’ and ‘Update Incidents’ capabilities facilitate this by allowing Smart SOAR to push status changes and updates back to Stellar Cyber. This synchronization ensures that analysts working directly in Stellar Cyber are always up to date with the latest incident data and response activities.
Upon ingesting events from Stellar Cyber, Smart SOAR can then leverage its integration capabilities with other tools to enrich the event data. Enrichment might involve pulling threat intelligence from external databases, running vulnerability scans, or using sandbox technology to analyze the threat’s behavior in a controlled environment.
Once the event is enriched and an incident is confirmed, Smart SOAR can orchestrate remediation actions. This could range from simple actions like blocking an IP address on a firewall to more complex responses like isolating a compromised endpoint from the network or deploying patches to vulnerable systems.
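As an added illustration of the fetch, enrich, decide and sync-back loop described above (this is not D3's or Stellar Cyber's code; the stand-in functions `search_incidents`, `get_event_details` and `update_incident`, the in-memory incident and event data, and the threat-intel table are all hypothetical), the Python sketch below walks open incidents page by page so none is overlooked, enriches their events, records a remediation decision, pushes the status back, and checks that SOAR case state matches the XDR side afterwards:

```python
# Hypothetical in-memory stand-ins for the XDR side; not Stellar Cyber's real API.
XDR_INCIDENTS = {
    "inc-1": {"status": "new", "events": ["ev-1", "ev-2"]},
    "inc-2": {"status": "new", "events": ["ev-3"]},
    "inc-3": {"status": "closed", "events": []},
}
XDR_EVENTS = {  # constructed sample events (documentation IP ranges)
    "ev-1": {"src_ip": "198.51.100.7", "severity": "high"},
    "ev-2": {"src_ip": "198.51.100.7", "severity": "low"},
    "ev-3": {"src_ip": "203.0.113.9", "severity": "medium"},
}
THREAT_INTEL = {"198.51.100.7": "known-c2"}  # constructed enrichment source

def search_incidents(status="new", page_size=1):
    """Stand-in for 'Search Incidents': pages through the whole backlog, since a
    single-page fetch is exactly how incidents get overlooked."""
    ids = sorted(i for i, inc in XDR_INCIDENTS.items() if inc["status"] == status)
    for start in range(0, len(ids), page_size):
        yield from ids[start:start + page_size]

def get_event_details(event_id):
    """Stand-in for 'Get Event Details'."""
    return XDR_EVENTS[event_id]

def update_incident(incident_id, status, note):
    """Stand-in for 'Update Incidents': push SOAR's decision back to the XDR."""
    XDR_INCIDENTS[incident_id].update(status=status, note=note)

def enrich(events):
    """Enrichment step: tag each event with what threat intel knows about its source."""
    return [dict(ev, intel=THREAT_INTEL.get(ev["src_ip"], "unknown")) for ev in events]

def run_playbook(cases):
    """One SOAR pass: fetch open incidents, enrich, decide, sync status back.
    `cases` is SOAR-side state keyed by incident id; re-running is a no-op."""
    for inc_id in list(search_incidents()):  # materialise before mutating XDR state
        if inc_id in cases:
            continue  # already handled: keep the pass idempotent
        events = enrich(get_event_details(e) for e in XDR_INCIDENTS[inc_id]["events"])
        confirmed = any(ev["intel"] != "unknown" for ev in events)
        status = "confirmed" if confirmed else "triaged"
        action = "block " + events[0]["src_ip"] if confirmed else "no action"
        cases[inc_id] = {"status": status, "action": action}
        update_incident(inc_id, status, action)  # analysts in the XDR see the outcome
    return cases

def in_sync(cases):
    """Consistency check: every SOAR case status matches the XDR's own record."""
    return all(XDR_INCIDENTS[i]["status"] == c["status"] for i, c in cases.items())
```

The recorded `action` is the playbook's decision; in a real deployment it would be handed to the firewall or endpoint integration, with the result written back through the same update path.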
To complement the automated workflow between Smart SOAR and Stellar Cyber, organizations can integrate a variety of other security tools:
The integration of D3 Smart SOAR with Stellar Cyber represents a powerful combination for incident response automation. By automating the ingestion, enrichment, and remediation of incidents and ensuring that this information is synchronized back to Stellar Cyber, organizations can create a robust incident response process that is both efficient and effective. Further complementing this workflow with additional security tools enables a layered defense strategy that can significantly improve an organization’s ability to respond to and recover from security incidents.