We are always making improvements to our NextGen SOAR platform, and we recently released a major new update for all of our clients. There are a lot of exciting updates, which can be summarized in a few key themes:
Let’s take a closer look at the new updates that make these things possible.
The new Guided Setup feature acts like a self-service portal to simplify the process of configuring and learning how to use the platform. It’s now easier for user administrators to create and manage accounts to build out their SOC team.
Setting up integrations with other tools is faster now too. Out-of-the-box integrations are visually displayed in an “app store” style format, where the user can simply click on the tool they want to integrate, input the connection credentials, and they’re ready to go. The user can also define a tool to be the default integration for a particular type of action, which saves the time of having to make changes across every playbook.
Our new Nested Playbook Editor (previously known as the Integration Playbook) makes it easier than ever to create smaller playbooks for common tasks, which can be dropped into larger playbooks. We’ve completely revamped our playbook editor to make it easier to create and edit complex workflows that are visually intuitive.
The event viewer interface has been revamped to support more efficient workflows. The side panel now shows the history of all event activity, including a chat feature where users can add and review notes in the timeline.
The new advanced search features enable users to find and link related events or incidents to the event they’re currently viewing. Importantly, users can execute bulk actions across search results, such as dismissing or escalating events.
We also now support manual addition of adversary TTPs (tactics, techniques, and procedures) to events. In addition to our automatic TTP correlation, users can add TTPs from the event viewer.
There is also now a simple, searchable, drop-down list of investigators so the user can easily assign the event to the right person.
Event automation rules let the user automate escalation and dismissal by predefining the criteria the system should match. Because conditions are set in advance and multiple related events and incidents can be linked together, the analyst spends less time on each repetitive event and more time on the tasks that matter.
The long hours spent analyzing raw incident data and deciding whether it warrants creating an incident are a thing of the past. With the new Incident Field Mapping feature, you can map incident data from configured connections to instantly create an incident within the platform. No matter what site or incident source you are working with, all relevant information is captured in the incident. Fields from most out-of-the-box integrations are mapped automatically.
D3 now supports more automatic actions that can be applied to incoming events before a playbook is triggered, such as IP, URL, and file reputation checks. Users can now set custom commands triggered by the dismissal or escalation of events, such as notification emails.
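To make the three features above concrete, here is an added Python sketch of how they fit together in any SOAR pipeline: per-source field mapping into one incident schema, an IP reputation check that runs before any playbook, ordered automation rules that escalate or dismiss, and a hook fired on each disposition. This is illustrative code written for this post, not D3 platform code, and nothing in it reflects the product's actual rule syntax or APIs; the source names, field names, IP addresses and blocklist are all constructed.

```python
"""Illustrative SOAR-style event pre-processing (added example, not D3 code):
field mapping -> reputation enrichment -> ordered automation rules -> hooks."""
from dataclasses import dataclass, field

# Constructed sample events from two hypothetical sources with different schemas.
RAW_EVENTS = [
    {"source": "edr", "payload": {"host": "ws-042", "remote_ip": "203.0.113.7",
                                  "sev": 8, "rule": "Suspicious PowerShell"}},
    {"source": "mailgw", "payload": {"hostname": "mx-1", "src": "198.51.100.23",
                                     "severity": "low", "name": "Spam: bulk newsletter"}},
    {"source": "edr", "payload": {"host": "ws-017", "remote_ip": "192.0.2.10",
                                  "sev": 3, "rule": "Scheduled scan complete"}},
]

# Hypothetical per-source field maps: raw field name -> common incident field.
FIELD_MAPS = {
    "edr":    {"host": "host", "remote_ip": "src_ip", "sev": "severity", "rule": "title"},
    "mailgw": {"hostname": "host", "src": "src_ip", "severity": "severity", "name": "title"},
}
SEVERITY_WORDS = {"low": 2, "medium": 5, "high": 8, "critical": 10}

# Constructed local reputation list standing in for an external lookup service.
KNOWN_BAD_IPS = {"203.0.113.7"}


@dataclass
class Event:
    host: str
    src_ip: str
    severity: int
    title: str
    ip_reputation: str = "unknown"
    disposition: str = "open"      # open | escalate | dismiss
    notes: list = field(default_factory=list)


def map_fields(source: str, payload: dict) -> Event:
    """Normalize a raw payload into the common schema; severity becomes an int 0-10."""
    mapping = FIELD_MAPS[source]
    fields = {mapping[k]: v for k, v in payload.items() if k in mapping}
    sev = fields["severity"]
    if isinstance(sev, str):
        sev = SEVERITY_WORDS.get(sev.lower(), 0)
    fields["severity"] = int(sev)
    return Event(**fields)


def enrich_ip_reputation(ev: Event) -> Event:
    """Automatic pre-playbook action: tag the source IP from the (constructed) list."""
    ev.ip_reputation = "malicious" if ev.src_ip in KNOWN_BAD_IPS else "clean"
    return ev


# Automation rules as (name, predicate, action), evaluated in order; first match wins.
# Escalation rules come first so a dismissal rule can never swallow a malicious hit.
RULES = [
    ("escalate-malicious-ip",  lambda e: e.ip_reputation == "malicious", "escalate"),
    ("escalate-high-severity", lambda e: e.severity >= 7, "escalate"),
    ("dismiss-informational",  lambda e: e.severity <= 3 and "complete" in e.title.lower(), "dismiss"),
    ("dismiss-spam",           lambda e: e.title.lower().startswith("spam:"), "dismiss"),
]


def on_escalate(ev: Event) -> None:
    """Custom command on escalation (stands in for a notification email)."""
    ev.notes.append(f"notify: SOC lead about '{ev.title}' on {ev.host}")


def on_dismiss(ev: Event) -> None:
    ev.notes.append("closed by automation")


HOOKS = {"escalate": on_escalate, "dismiss": on_dismiss}


def apply_rules(ev: Event) -> Event:
    for name, predicate, action in RULES:
        if predicate(ev):
            ev.disposition = action
            ev.notes.append(f"rule:{name}")
            HOOKS[action](ev)
            return ev
    return ev  # no rule matched: stays open for an analyst or a playbook


def process(raw_events: list) -> list:
    return [apply_rules(enrich_ip_reputation(map_fields(r["source"], r["payload"])))
            for r in raw_events]


if __name__ == "__main__":
    for ev in process(RAW_EVENTS):
        print(ev.host, ev.src_ip, ev.severity, ev.disposition, ev.notes)
```

The ordering of the rule list is the part worth copying: evaluating escalation rules before dismissal rules means a low-severity "scan complete" event from a known-bad IP is still escalated, whereas a rule engine that checks dismissal criteria first would silently close it.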
The new task scheduler can set up jobs to run inside or outside of playbooks to enable proactive security. For example, users could set up a weekly vulnerability scan, or a much more frequent task like scanning an email inbox every five minutes.
If you want to see these improvements for yourself, schedule a demo with one of our product experts today. You’ll see these new features alongside the rest of the D3 platform, including our codeless playbooks, MITRE ATT&CK correlation, and 300+ integrations.
Do you want to see D3 in action? Join us for a 25-minute deep-dive demo and see how our award-winning Security Orchestration, Automation, and Response (SOAR) platform helps security teams accelerate incident response, scale processes, and learn from every incident.