Get a Demo

Trellix + D3 Smart SOAR

Automate Response and Accelerate Investigations

Trellix’s enterprise security suite protects on-premise, cloud, and hybrid environments through leading endpoint protection, SIEM, and network protection tools, among others. D3 and Trellix have joined forces to combine the Trellix suite with D3 Smart SOAR for automated incident response and silo-free investigations. 

Automate response to Trellix ESM alarms through codeless playbooks

Integrate your Trellix tools with the rest of your stack

Triage and enrich alerts through D3’s Event Pipeline

Get the D3 Integrations Guide

Expert-Built and Maintained Integrations

D3’s integration team takes the burden of integrations off your hands by building, maintaining, and upgrading the best possible connections between tools. We work closely with Trellix to provide numerous feature-rich integrations, including:

  • Trellix ePolicy Orchestrator: Smart SOAR can orchestrate dozens of endpoint protection actions in Trellix ePO, including scanning endpoints, ingesting threat events, and updating policies.
  • Trellix Enterprise Security Manager: Smart SOAR connects with Trellix ESM to provide well-informed incident response and investigation management to SIEM alarms. Smart SOAR ingests alarms as well as queries Trellix ESM for related events and contextual data.
  • Trellix Intelligent Sandbox: Smart SOAR can detonate suspicious URLs in Trellix Intelligent Sandbox and ingest the results into incident reports.
  • Trellix Network Security: D3 integrates with Trellix Network Security to quarantine hosts.
Flowchart depicting the integration process between Trellix and D3 Security's Smart SOAR

Use CAse

 Alarm Enrichment and Response

By combining Trellix ESM for threat detection with D3 Smart SOAR for incident enrichment and response, you can automatically escalate real threats to incident status in Smart SOAR and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. Smart SOAR can then trigger an automated response playbook or guide human analysts efficiently through manual steps, all within a single window.

  • Leverage ESM and ePO’s deep visibility into endpoints, networks, databases, and applications
  • Reduce screen-switching, manual tasks, and dwell times
  • Triage, enrich, and respond in seconds, not hours

Use Case

 Endpoint Security Automation

When an endpoint threat event is detected by Trellix ePO, Smart SOAR can correlate the IOCs against other data sources, determine the risk level, and orchestrate a response. D3 can detonate any suspicious files in Trellix Intelligent Sandbox, scan endpoints for other instances of the file, and take remediation actions such as blocking the hash, and quarantining endpoints.

  • Confirm and correlate adversary TTPs found in endpoint events
  • Automatically document investigations, artifacts, and timelines in Smart SOAR
  • Orchestrate response actions across your other Trellix tools

Why Smart SOAR?

Joint users of the Trellix suite and D3 Smart SOAR don’t just get automated detection and response across Trellix tools; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:

Expert-built codeless integrations across the stack

Tier 1–3 automation, based on deep research into the capabilities of common tools

The Event Pipeline, which reduces alert volume by up to 98%

Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts

Trellix Integrations: Summary

Key Details
Multiple feature-rich integrations
Developed and maintained by D3
Drag integration into visual playbooks
Test integration from playbook
Sandbox integration for malware detonation

Integrations Done the Right Way

An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.

See All Integrations