While SOAR platforms can do a lot of things, their effectiveness will be largely contingent on how well they integrate with their clients’ security infrastructure. That’s why D3 integrates with more than 260 applications in order to orchestrate more than 400 different actions. Integrating with D3 has always been seamless, but the latest release of D3 SOAR has completely overhauled the process, making building, editing, and maintaining playbooks even easier than before. In this article we’ll explain how D3 makes integrations easier to set up, easier to do more with, and easier to maintain.
Easier to Set Up
In D3’s Playbook Editor, all integrations can be found in the drop-down menu under “Command Task”. Every integrated action is listed, so all the user has to do is pick from the list and drop the action into their playbook. The actions are scripted by D3 in the back end, so no Python coding is required of the user.
If you need to connect to a tool that isn’t one of D3’s 260+ out-of-the-box integrations, it’s also easy to create a custom integration. In the D3 Playbook Editor, this is called a “New REST API Task”. All the user has to do to create an integration is fill in the server URL and API credentials, and D3 can connect with the tool for the specified action.
Easier to Do More
The D3 data model allows SOC teams to seamlessly digest, normalize, and transform raw event data, and set predefined mappings to D3 from a multitude of cyber event sources. To say this more plainly, D3 allows analysts to skip time-consuming field-mapping for integrated data sources so they can instantly ingest elements into the right places.
D3’s Command Tasks also allow users to do more with their integrated tools in a playbook than typical integrations allow. Command Tasks can be used for comprehensive data processing, data transformation, system actions, and third-party integration actions.
Easier to Maintain
The below-the-surface costs of any major technology purchase largely come from the hours put into maintenance. In many SOAR platforms, the user must write new scripts every time an integration changes, such as when a new version of an integrated tool is released. In these other platforms, simply replacing an important tool, such as a firewall, could force a user to rewrite hundreds of scripts across their playbooks. With D3, it’s always as simple as drag and drop. If your tools change, you might have to replace some playbook blocks with new ones, but you’ll never have to write Python scripts.
The Codeless Future of SOAR
As you can see, the advantages of D3’s integrations come from its innovative “codeless” system, where the workload of writing scripts is taken away from your team and put onto ours, and we’re happy to do it! With skilled cybersecurity practitioners so hard to find and retain these days, we believe it’s important for our SOAR platform to free up our clients to spend more time investigating threats and protecting their organization, and less time writing scripts and maintaining their integrations.
To learn more about how D3 is reimagining SOAR for 2020 and beyond, check out our SOAR 2.0 release announcement. It has lots of details about our new features, including our embedded MITRE ATT&CK Matrix for automated enrichment and correlations.