Microsoft Defender for Endpoint + D3 Smart SOAR
Microsoft-Certified Endpoint Response Automation
Microsoft Defender users can orchestrate 26 different actions from Smart SOAR, including fetching events, enriching incidents with endpoint data, and quarantining infected hosts. This creates an automation-powered process for any endpoint security incident that acts quickly and conclusively before threats get out of control.
Benefits and Capabilities
As a proud member of the Microsoft Intelligent Security Association (MISA) and the Azure Marketplace, D3 works closely with Microsoft to build and maintain integrations, including with Microsoft Defender for Endpoint. D3’s integrations ensure the best possible functionality for Microsoft customers, complementing Defender with powerful investigation, triage, and incident response capabilities.
- Faster time to value, through automation of Tier 1 and Tier 2 security work
- Vendor-agnostic security processes, with Smart SOAR orchestrating across the stack
- Deep integration with dozens of Microsoft tools
Use Case
Endpoint Incident Response
Streamlining and automating incident response processes are essential for effective defense against threats. One way to achieve this is by integrating powerful cybersecurity tools like Microsoft Defender for Endpoint with a robust SOAR platform like Smart SOAR. Our tool-specific playbooks enrich, correlate, and respond to Defender alerts, with powerful automated actions, including:
- Ingesting alerts into Smart SOAR and updating alerts in Defender for Endpoint using API calls
- Gathering host and artifact information, such as active users and related file events
- Quarantining devices and initiating scans across endpoints
Use Case
Threat Hunting
Using Smart SOAR and Microsoft Defender for Endpoint as an integrated threat hunting solution speeds the investigation of new threats by streamlining the entire process from learning of the threat, to finding instances of it on endpoints, to quickly remediating it. All this can be orchestrated from Smart SOAR. Being able to build and trigger threat hunting playbooks in Smart SOAR also helps ensure consistency and reduce human error.
- Trigger endpoint scans and queries to find threats across the organization
- Automatically trigger scans for malicious hashes across endpoints
- Schedule threat hunting playbooks, or run them based on new intelligence
Why Smart SOAR?
Joint users of Microsoft Defender and D3 Smart SOAR don’t just get automated threat hunting and remediation of endpoint security incidents; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Microsoft Defender Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.