Cybereason + D3 Smart SOAR
Turn High-Fidelity MalOps into Automated Response
D3’s feature-rich integration with the Cybereason Platform enables incident responders and threat hunters to benefit from Cybereason’s MalOps—which provide fully contextualized pictures of attacks, instead of piecemeal alerts—while also being able to query virtually anything across the platform.
Benefits and Capabilities
D3’s integration team takes the burden of integrations off your hands by building, maintaining, and upgrading the best possible connections between tools. We work closely with Cybereason to provide a powerful integration that enables 27 distinct actions, including the ability to:
- Amalgamate MalOps feeds in Smart SOAR for analysis and investigation
- Orchestrate response actions from Smart SOAR playbooks, such as remediating processes, killing processes, and isolating hosts
- Update IOC reputations and categories, and prevent malicious IOCs from executing
- Run queries across the Cybereason Platform to retrieve data from sensors, MalOps, processes, and more
Use Case
Endpoint MalOp Response Automation
When Cybereason detects a potential endpoint incident, Smart SOAR can retrieve the highly detailed MalOp for investigation. Smart SOAR then enriches the MalOp with threat intelligence and past incident data, and gathers additional information from Cybereason by querying sensors, users, files, processes, domains, and more. If the MalOp is deemed a true positive, Smart SOAR can trigger an automated response playbook that orchestrates a response across the security environment.
- Bring in data from hundreds of integrated tools
- Orchestrate actions in Cybereason like killing processes and isolating affected machines
- When the process is complete, Smart SOAR can update the MalOp status in Cybereason with the results
Use Case
IOC Update Orchestration
If Smart SOAR determines an IOC to be malicious, either through integrated threat intelligence sources or the result of an incident investigation, it can orchestrate the appropriate updates in Cybereason to protect against the threat. Smart SOAR can set the IOC reputation, assign it to a category (e.g. virus or blacklist), and—if the IOC is a file—prevent it from executing.
- Secure your environment by sharing intelligence between tools
- Hunt for threats based on findings from investigations
- Incorporate unlimited threat intelligence sources into your endpoint security
Why Smart SOAR?
Joint users of Cybereason and D3 Smart SOAR don’t just get integrated endpoint incident response automation and IOC management; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Cybereason Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.