LogRhythm + D3 Smart SOAR
Combine Threat Management with Automated Response
LogRhythm SIEM and LogRhythm Axon provide holistic visibility across IT environments, enabling effective and efficient incident detection and response. The integrations with D3 Smart SOAR build upon these capabilities, helping security teams to monitor, triage, and respond to threats in a streamlined manner.
Benefits and Capabilities
D3 and LogRhythm work closely together to build and maintain the best possible SIEM-to-SOAR integrations, including custom solutions for health monitoring and content management, which enables MSSPs to automatically deploy changes to analytic rules, reports, and other content across multiple tenants.
- Increase speed and quality of triage by enriching LogRhythm events using Smart SOAR
- Respond fast and consistently with incident-specific playbooks for LogRhythm events
- Automate health monitoring for data ingestion
- Synchronize SIEM and SOAR investigations
Use Case 1
Consolidated Investigations
Cyber-attacks may require analysts to gather contextual data and resolve the threat while dealing with screen switching, data silos, and a lack of up-to-date information. Analysts spend too much of their time completing mundane tasks, which leads to longer remediation times and a higher chance of human error. Smart SOAR users can centralize all incoming alerts in a single investigation dashboard, where event and incident playbooks process them automatically, removing repetitive manual tasks such as data enrichment and correlation from incident response workflows.
- Save analysts time and energy they can use to make more accurate decisions
- Automatically reflect changes to incidents made in Smart SOAR back to the LogRhythm case
- Consolidate all alert sources and LogRhythm Axon instances into a single screen
Use Case 2
Health Monitoring
With many data sources to manage, it’s easy to miss when one has stopped being ingested properly. Security teams should be able to trust that their alert queue accurately reflects their environment, without having to constantly double-check each data source. Health monitoring automates the process of generating a case in Axon when ingestion fails. This workflow ingests logs specific to a technology, such as firewall or endpoint, and ensures that ingestion is working as expected.
- If ingestion is not running properly, a case is created in Axon and an incident is created in Smart SOAR for investigation
- Run the workflow on a scheduled cadence to ensure consistency
- No manual activity required for active log health monitoring
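The health check described above, as an added illustration rather than code from D3 or LogRhythm: each source is assigned a maximum tolerated silence based on its technology type, the newest event timestamp per source is compared against it on each scheduled run, and any stalled source is turned into a case payload. Source names, thresholds, timestamps and the case schema are all constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: newest event timestamp seen per log source (None means
# nothing has ever been received). Hypothetical names, not real SIEM data.
LAST_EVENT_SEEN = {
    "fw-edge-01": "2024-05-01T11:58:30Z",
    "edr-agents": "2024-05-01T09:05:00Z",
    "vpn-gateway": "2024-05-01T11:59:10Z",
    "proxy-01": None,
}
SOURCE_TYPE = {"fw-edge-01": "firewall", "edr-agents": "endpoint",
               "vpn-gateway": "vpn", "proxy-01": "proxy"}
# Longest silence tolerated per technology before ingestion counts as broken
# (assumed thresholds; tune each one to the source's normal event rate).
MAX_SILENCE = {"firewall": timedelta(minutes=5), "endpoint": timedelta(minutes=30),
               "vpn": timedelta(minutes=15), "proxy": timedelta(minutes=10)}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_ingestion(last_seen, now_iso):
    """Return the sources whose ingestion has stalled, in source order."""
    now = parse_ts(now_iso)
    stalled = []
    for source, ts in last_seen.items():
        limit_min = int(MAX_SILENCE[SOURCE_TYPE[source]].total_seconds() // 60)
        if ts is None:
            # A source that has never delivered anything is always a problem
            stalled.append({"source": source, "silent_min": None, "limit_min": limit_min})
            continue
        silence = now - parse_ts(ts)
        if silence > MAX_SILENCE[SOURCE_TYPE[source]]:
            stalled.append({"source": source, "silent_min": int(silence.total_seconds() // 60),
                            "limit_min": limit_min})
    return stalled


def build_case(stalled):
    """Shape the case/incident the workflow would raise (hypothetical schema)."""
    if not stalled:
        return None  # healthy run: nothing to open
    return {
        "title": f"Log ingestion stalled for {len(stalled)} source(s)",
        "severity": "high" if any(s["silent_min"] is None for s in stalled) else "medium",
        "sources": [s["source"] for s in stalled],
        "details": stalled,
    }


if __name__ == "__main__":
    print(build_case(check_ingestion(LAST_EVENT_SEEN, "2024-05-01T12:00:00Z")))
```

On a scheduled run the same check is simply invoked with the current time, so a source that is quiet for longer than its threshold is raised exactly once per cadence.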
Why Smart SOAR?
Joint users of LogRhythm and D3 Smart SOAR don’t just get alert enrichment, deep investigations, and incident response; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
LogRhythm Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.