Symantec + D3 Smart SOAR
Orchestrate Across Your Security Infrastructure
D3’s integration team has closely studied the APIs and capabilities of Symantec tools to create powerful integrations with:
Benefits and Capabilities
Symantec enterprise security solutions, now part of Broadcom, comprise some of the most widely used endpoint security tools and a comprehensive advanced threat protection suite. D3’s integrations with Symantec allow you to streamline SecOps and IR workflows, reduce manual coordination, and operationalize the MITRE ATT&CK framework across your security infrastructure.
- Make security data more actionable across your SOC
- Automate response to DLP incidents
- Orchestrate tasks across Symantec’s Endpoint Protection, Messaging Gateway, Data Loss Prevention, and other third-party tools
Use Case
Malware Enrichment and Incident Response
Smart SOAR integrates with Symantec tools to orchestrate actions across the security infrastructure, minimizing some repetitive tasks and automating others. Smart SOAR can ingest a malware alert from Symantec Endpoint Protection, parse out the IOCs, and trigger a malware-specific playbook, which automatically enriches the alert with threat intelligence and historical data to highlight correlations and quantify risk. The playbook can then trigger automated remediation actions—like quarantining an affected endpoint—or notify the responsible analysts and guide them through the necessary steps.
- Incorporate data from hundreds of integrated tools.
- Trigger full endpoint scans from Smart SOAR.
- Block hashes based on investigation findings.
Use Case
Potential Phishing Incident Analysis
When a phishing attempt is detected by a tool or reported to the SOC, Smart SOAR can trigger an automated phishing playbook that parses out the elements of the email and checks them against third-party threat intelligence, the MITRE ATT&CK Matrix, and historical incident data. If the email is confirmed as malicious, Smart SOAR can then orchestrate the appropriate response actions, including adding the sender’s IP to blacklists in Symantec Messaging Gateway and quarantining affected endpoints via Symantec Endpoint Protection.
- Quickly confirm and disrupt active phishing campaigns.
- Automatically group together related alerts to address entire campaigns with a single playbook.
- Leverage Smart SOAR’s integrations with email systems to search for other emails from the same sender.
Why Smart SOAR?
Joint users of Symantec and D3 Smart SOAR don’t just get real-time endpoint protection, secure messaging, and data loss prevention; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Symantec Integrations: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.