Trellix + D3 Smart SOAR
Automate Response and Accelerate Investigations
Trellix’s enterprise security suite protects on-premises, cloud, and hybrid environments through leading endpoint protection, SIEM, and network protection tools, among others. D3 and Trellix have joined forces to combine the Trellix suite with D3 Smart SOAR for automated incident response and silo-free investigations.
Expert-Built and Maintained Integrations
D3’s integration team takes the burden of integrations off your hands by building, maintaining, and upgrading the best possible connections between tools. We work closely with Trellix to provide numerous feature-rich integrations, including:
- Trellix ePolicy Orchestrator: Smart SOAR can orchestrate dozens of endpoint protection actions in Trellix ePO, including scanning endpoints, ingesting threat events, and updating policies.
- Trellix Enterprise Security Manager: Smart SOAR connects with Trellix ESM to provide well-informed incident response and investigation management for SIEM alarms. Smart SOAR ingests alarms and queries Trellix ESM for related events and contextual data.
- Trellix Intelligent Sandbox: Smart SOAR can detonate suspicious URLs in Trellix Intelligent Sandbox and ingest the results into incident reports.
- Trellix Network Security: D3 integrates with Trellix Network Security to quarantine hosts.
Use Case
Alarm Enrichment and Response
By combining Trellix ESM for threat detection with D3 Smart SOAR for incident enrichment and response, you can automatically escalate real threats to incident status in Smart SOAR and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. Smart SOAR can then trigger an automated response playbook or guide human analysts efficiently through manual steps, all within a single window.
- Leverage ESM and ePO’s deep visibility into endpoints, networks, databases, and applications
- Reduce screen-switching, manual tasks, and dwell times
- Triage, enrich, and respond in seconds, not hours
Use Case
Endpoint Security Automation
When an endpoint threat event is detected by Trellix ePO, Smart SOAR can correlate the IOCs against other data sources, determine the risk level, and orchestrate a response. D3 can detonate any suspicious files in Trellix Intelligent Sandbox, scan endpoints for other instances of the file, and take remediation actions such as blocking the hash and quarantining endpoints.
- Confirm and correlate adversary TTPs found in endpoint events
- Automatically document investigations, artifacts, and timelines in Smart SOAR
- Orchestrate response actions across your other Trellix tools
Why Smart SOAR?
Joint users of the Trellix suite and D3 Smart SOAR don’t just get automated detection and response across Trellix tools; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Trellix Integrations: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.