Why Smart SOAR is the Best SOAR for Trellix (formerly McAfee) Endpoint Security

Trellix (formerly McAfee) Endpoint Security and Smart SOAR combine to produce a unified threat management and incident response system. Security teams may be looking for ways to integrate their tools without consolidating within a single vendor. For teams in this position, Smart SOAR is a perfect fit. With this integration, users can combine their endpoint data with network, identity, email and other security tools into a cohesive system that works together to detect and mitigate threats.

In this blog post, we’ll demonstrate how you can use Trellix Endpoint Security for several workflows, such as compliance audit and reporting, threat intelligence and policy enforcement, and proactive vulnerability scanning.

Use Cases for Smart SOAR’s Integration with Trellix

Compliance Audit and Reporting Automation:

Combine the “List Repository” command with the “Check Repository Compliance” command and further chain it with the “List Running Server Task” command. This integrated workflow enables the listing of all repositories, checking their compliance status, and then retrieving a list of running server tasks to validate that compliance scans are actively running and up-to-date.

Threat Intelligence and Policy Enforcement Automation:

Chain the “Search Threat Events” command with the “Find System By Tag Name” command and the “Assign Policy To System” command. This integrated workflow allows for the search of threat events, identification of systems with a specific tag, and automatic assignment of a predefined security policy to the identified systems, based on the threat intelligence gathered.

Proactive Vulnerability Scanning:

Chain the “Find System by Group” command with the “Get Device Info” command and the “Scan Endpoint By IP” command. This workflow pulls a list of all endpoints in a specific group, gathers details on the device, and then initiates scans of each device. This enables proactive identification and remediation of potential vulnerabilities.

Takeaway

Smart SOAR and Trellix can be integrated to assist with incident response, compliance auditing, threat intelligence, and vulnerability scanning. By combining endpoint data from Trellix with the automation and orchestration capabilities of Smart SOAR, users can transform siloed tools into a unified ecosystem that work together to minimize the impact of individual security incidents.

Pierre Noujeim

Pierre Noujeim is a Product Marketing Manager with a cyber security engineering background. Having implemented SOAR at enterprise organizations as well as for D3's MSSP partners, Pierre has rich and varied insight into integrations, use cases and the cyber security vendor landscape. A dedicated product marketer, Pierre represents D3 at analyst briefings, webinar workshops and industry conferences such as RSA and Black Hat.

• linkedin
• email
• book a demo

[Video] How a Large Financial Services Firm Harnesses Smart SOAR

D3 Security to Showcase New Smart SOAR™ Features at Infosecurity Europe