Every organization spends a great deal on security tools, but how do they know if the tools are actually detecting malicious activity? Without regular testing, vulnerabilities can easily go undiagnosed. However, many organizations don’t have the budget for a dedicated red team or the internal resources to run frequent attack simulations. By integrating with AttackIQ, D3 users can run simulations of their most high-risk attack types to ensure they are being prevented by security tools. D3 can then ingest the test results and automatically orchestrate the next steps, such as querying SIEM logs for more information, or sending email notifications to system administrators to check tool configurations.

By integrating D3 SOAR and AttackIQ, users can easily prioritize the attack types they need to test, and automate scheduled tests for regular intervals. D3 correlates incoming events against the MITRE ATT&CK Matrix, which feeds into D3’s Monitor Dashboard. On this dashboard, analysts can see the prevalence of each ATT&CK technique in their environment, immediately revealing the most frequent types of attacks they are facing. This information can then be used to schedule AttackIQ assessments of those attacks using an automated playbook.