Sophos + D3 Smart SOAR
Powerful Endpoint and Network Orchestration
Integrations with Sophos make Smart SOAR the perfect command center for intaking events, scanning for malicious files, and orchestrating actions across endpoints and firewalls. Smart SOAR’s automation-powered playbooks, MITRE ATT&CK framework, and deep investigative capabilities bring effective and repeatable workflows to all endpoint events.
Expert-Built and Maintained Integrations
D3’s integration team takes the burden of coding, troubleshooting, and updating integrations off your hands. Our deep research into integrated technologies has produced important integrations with three Sophos tools:
- Sophos Central: Ingest alerts into Smart SOAR from Sophos’ unified management console.
- Sophos Intercept X: Orchestrate security tasks through Sophos’ endpoint protection platform.
- Sophos XG Firewall: Block malicious IPs and URLs on your network.
Use Case
Compromised Endpoint Remediation
When a compromised endpoint is detected, Smart SOAR enriches the alert with threat intelligence to get a risk score. If the file is determined to be malicious, Smart SOAR can then query other endpoints via Sophos Intercept X to find any other instances of the file. Having now identified the full extent of the compromise, the analyst can use Smart SOAR to orchestrate actions across the affected endpoints, such as to remove the file, block the hash, kill processes, or quarantine the endpoint.
- Triage endpoint alerts through Smart SOAR’s Event Pipeline
- Automate response across the entire environment
- Scan endpoints for traces of threats
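To make the decision logic of this use case concrete, here is an added simulation of the remediation playbook (example code, not D3's or Sophos' own). The risk threshold, the in-memory endpoint inventory standing in for the Intercept X query, the threat-intel table and the action names are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed: scores at or above this value mark the file as malicious.
RISK_THRESHOLD = 70

@dataclass
class Endpoint:
    name: str
    files: dict  # constructed: file path -> sha256 of files present on the host

# Constructed threat-intel lookup standing in for the integrated intelligence sources.
THREAT_INTEL = {
    "sha256-MALICIOUS-constructed": 95,
    "sha256-benign-constructed": 5,
}

def enrich(sha256: str) -> int:
    """Enrichment step: return a risk score for the hash (unknown hashes score 0)."""
    return THREAT_INTEL.get(sha256, 0)

def find_instances(sha256: str, inventory: list) -> list:
    """Stand-in for the Intercept X endpoint query: hosts that hold the file."""
    return sorted(ep.name for ep in inventory if sha256 in ep.files.values())

def plan_response(alert: dict, inventory: list) -> dict:
    """Enrich the alert, scope the compromise, and list the orchestrated actions.

    Actions are returned as (action, target) tuples rather than executed, so the
    analyst can review the plan before anything touches an endpoint or firewall.
    """
    sha = alert["sha256"]
    score = enrich(sha)
    if score < RISK_THRESHOLD:
        return {"score": score, "affected": [], "actions": []}
    # The alerting host is always in scope, plus every host where the file was found.
    affected = sorted(set(find_instances(sha, inventory)) | {alert["host"]})
    actions = [("block_hash", sha)]  # one global block, then per-host containment
    for host in affected:
        actions += [("remove_file", host), ("kill_process", host), ("quarantine", host)]
    return {"score": score, "affected": affected, "actions": actions}
```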
Use Case
Potential Phishing Incident Analysis
With Smart SOAR’s integration with Sophos tools, when a phishing attempt is reported to the SOC, it triggers an automated phishing playbook in Smart SOAR that parses out the elements of the email, including the potentially malicious attached file. The file is then checked against integrated intelligence sources and past incidents. If it is confirmed as a genuine incident, Smart SOAR blocks the IP and URL using Sophos XG Firewall and scans endpoints, via Sophos Intercept X, to find other affected machines.
- Automatically update network and firewall rules based on the results of the investigation
- Detonate suspicious files in an integrated sandbox
- Group events from a phishing campaign into a single incident for investigation
Why Smart SOAR?
Joint users of Sophos Central, Intercept X, XG Firewall, and D3 Smart SOAR don’t just get automated endpoint security and incident response, they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Sophos Integrations: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.