AttackIQ Integration

XGEN SOAR Integration

AttackIQ’s Breach and Attack Simulation capabilities combine with D3 XGEN SOAR’s orchestration engine and MITRE ATT&CK TTP correlation to create an end-to-end solution for effective attack detection and response. Joint users can run scheduled or ad hoc simulations of specific attacks, ingest the results back into D3 playbooks, and orchestrate the necessary steps to resolve any vulnerabilities.
AttackIQ Integration

Download Integration Guide



Integration Features

1
Run AttackIQ Assessments directly from D3 playbooks
2
Manage the assessment process entirely through D3, via integrations across the entire security stack
3
Turn failed assessments into automation-powered investigations
4
Use D3’s Monitor Dashboard to prioritize testing of certain techniques

Key Use Case

#1

Ad Hoc Attack Simulation

Every organization spends a great deal on security tools, but how do they know if the tools are actually detecting malicious activity? Without regular testing, vulnerabilities can easily go undiagnosed. However, many organizations don’t have the budget for a dedicated red team or the internal resources to run frequent attack simulations. By integrating with AttackIQ, D3 users can run simulations of their most high-risk attack types to ensure they are being prevented by security tools. D3 can then ingest the test results and automatically orchestrate the next steps, such as querying SIEM logs for more information, or sending email notifications to system administrators to check tool configurations.
#2

Prioritizing and Automating Attack Simulations

By integrating D3 SOAR and AttackIQ, users can easily prioritize the attack types they need to test, and automate scheduled tests for regular intervals. D3 correlates incoming events against the MITRE ATT&CK Matrix, which feeds into D3’s Monitor Dashboard. On this dashboard, analysts can see the prevalence of each ATT&CK technique in their environment, immediately revealing the most frequent types of attacks they are facing. This information can then be used to schedule AttackIQ assessments of those attacks using an automated playbook.
X AttackIQ Integration