ZeroFox + D3 Smart SOAR
Disrupt Threats to Your Brand and Online Assets
D3’s integration team has closely studied ZeroFox to provide a powerful integration that enables automated brand protection and seamless threat intelligence enrichment.
Benefits and Capabilities
The ZeroFox Platform protects critical digital assets and data from digital threats at the scale and speed of the internet. D3’s integration with ZeroFox brings automation and orchestration to ZeroFox’s AI-powered threat intelligence and digital risk protection capabilities. When ZeroFox finds threats against your brand, public-facing assets, customers, or employees, D3 jumps into action to investigate and coordinate an automation-powered response.
- Comprehensively remediate alerts by leveraging Smart SOAR’s hundreds of integrations to act across the entire stack.
- Protect your public attack surface through AI-powered intelligence and automation-powered response.
- Minimize manual steps for takedown requests and other actions.
Use CAse
Brand Protection
Every brand has public-facing assets, such as websites and login portals, that can be mimicked for malicious means. These fake assets might be used to damage the brand’s reputation, or more sinisterly, to trick people into giving up their passwords and other personal information. Brand impersonation alerts created by ZeroFox can be escalated to Smart SOAR for analysis and response. Smart SOAR strips out the elements of the alert, such as the URL, and checks them against integrated threat intelligence sources. If the URL is known to be malicious, Smart SOAR submits it to the firewall to be blocked, searches for emails containing the URL, and runs a phishing email sub-playbook.
- Search an integrated SIEM to find internal hosts that have connected to the URL and determine if any data was lost.
- Orchestrate specific actions in ZeroFox, such as triggering a takedown request or adding the URL to a threat feed.
- Assign the incident to a user in ZeroFox and send an email notification to that user via the brand protection playbook.
Use Case
Threat Intelligent Enrichment
By integrating Smart SOAR with ZeroFox, you can automatically enrich events from your detection tools with ZeroFox threat intelligence, as well as assess their criticality through additional data enrichment and MITRE ATT&CK matrix correlation. Smart SOAR can then trigger an automated response playbook based on the incident type that has been identified.
- Eliminate screen-switching and data silos by automating threat intelligence lookups from Smart SOAR.
- Correlate against data from hundreds of integrated tools, past incidents, and internal databases.
- Quickly identify false positives so your team has the time to respond to real threats.
Why Smart SOAR?
Joint users of ZeroFox and D3 Smart SOAR don’t just get automated threat intelligence enrichment and brand protection; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
Expert-built codeless integrations across the stack
Tier 1–3 automation, based on deep research into the capabilities of common tools
The Event Pipeline, which reduces alert volume by up to 98%
Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
ZeroFox Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.