TruSTAR + D3 Smart SOAR
Bring Rich Intelligence into Your SecOps
TruSTAR is an intelligence management platform that transforms and automates data for security operations teams and tools. D3’s integration with TruSTAR enables enrichment of Smart SOAR incidents with TruSTAR’s aggregated intelligence feeds for rapid assessment of threats.
Benefits and Capabilities
D3’s integration team has closely studied TruSTAR to provide a powerful integration that enables automated threat intelligence gathering and enrichment. The integration enables users to:
- Bring together internal and external intelligence
- Visualize connections in TruSTAR’s constellation graphs
- Automate threat intelligence gathering
- Compare indicators submitted through Smart SOAR to those already in TruSTAR
Use Case
Automated Enrichment
Analysts are expected to rapidly investigate incidents, without compromising the process. For many, this means manually cross-referencing and copying hashes and other data from TruSTAR. Over a year in a SOC, this means hundreds of hours per analyst plus some degree of human error. Smart SOAR can automatically query TruSTAR for indicators and other relevant data related to new alerts. An analyst can search via the Smart SOAR console and instantly bring over additional field data. Plus, it’s agile. You can change the integration parameters via our easy-to-use admin tool.
- Feed TTP information directly into Smart SOAR’s incident overview area and Monitor Dashboard
- Create a high-fidelity risk score, based on TruSTAR intelligence and other integrated sources
- Orchestrate your response across hundreds of integrated tools to quickly shut down active threats
Use Case
Potential Phishing Analysis
When a potential phishing email is escalated to Smart SOAR, either through an email protection system or manually by the recipient, Smart SOAR extracts the sender’s domain and the URL of any links in the message. Smart SOAR can then use TruSTAR to look up those extracted indicators and reveal any associated malicious activity. Based on the result, the Smart SOAR user can then trigger a response playbook to block the IP, blacklist the sender, notify the email recipient, and orchestrate any other appropriate actions.
- Send URLs and attachments to an integrated sandbox from the Smart SOAR playbook
- Retrieve sandbox reports as attachments in the Smart SOAR investigation dashboard
- Delete malicious emails from inboxes across the company via integrations with email systems
Why Smart SOAR?
Joint users of TruSTAR and D3 Smart SOAR don’t just get automated threat intelligence enrichment and phishing analysis; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
TruSTAR Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.