AWS GuardDuty: Smart SOAR Integration Guide, Benefits

Platform
- - - Platform
      
      The Smart SOAR platform delivers the automation capabilities you need to outpace and outthink cyber threats.
      
      Smart SOAR for Enterprise
      
      Smart SOAR for MSSP
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Why D3 Security?
- - - Why Smart SOAR?
      
      D3 Security is the leader in security automation and incident response.
      
      Smart SOAR for Enterprise
      
      Smart SOAR for MSSP
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Solutions
- - - Solutions
      
      Next-generation SOAR technology with flexibility and expertise tailored to the needs of your organization.
    - SOAR Implementation Service
    - SOAR Replacement Service
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Partners
- - - Partners
      
      See how D3 Security works with our partners to enable seamless multi-vendor security orchestration and incident response.
    - Integrations
    - Sales Channel
    - Become a Partner
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Resources
- - - Resources
      
      The source for the latest D3 Security content and SOAR reports, including case studies, data sheets, and webinars.
    - Gartner SOAR Market Guide
      
      Learn what Gartner says about SOAR strategies and vendors.
      
      GET NOW
Company
- - - Company
      
      Get a behind-the-scenes look at D3 Security . Learn about our mission, leadership and careers. We’re hiring!
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Get a Demo

Smart SOAR Integration

Smart SOAR’s integration with AWS GuardDuty enables automation-powered response to cloud security alerts. GuardDuty produces security findings based on its analysis of logs, threat intelligence, and machine learning, which enables it to detect unusual or suspicious activity in your AWS environment. Smart SOAR can retrieve security findings from GuardDuty in order to rapidly orchestrate a response.

Integration Features

Automate response to GuardDuty alerts

Orchestrate across hundreds of integrated systems, including AWS platforms such as EC2, Lambda, SSM, and S3 Buckets

Capture suspicious behaviors that slip past signature-based tools

Seamlessly oversee hybrid environments, by managing cloud and on-premise incident response through Smart SOAR

Key Use Cases

Cryptomining

AWS GuardDuty can detect compromised EC2 instances that have been hijacked by an adversary to mine bitcoin. Smart SOAR retrieves that event and extracts IOCs and TTPs to compare against third-party threat intelligence to determine risk. Based on this information, the user can escalate the event to an incident if further investigation is required. Smart SOAR has a prebuilt automation-powered playbook for cryptomining, which includes domain analysis and EC2 instance analysis.

Insider Threat Detection and Mitigation

AWS GuardDuty can be utilized to identify potential insider threats by monitoring and flagging unusual data access patterns or unauthorized attempts to access sensitive data. Smart SOAR, upon receiving such alerts, employs its MITRE ATT&CK framework correlation to categorize the nature of the threat, focusing on tactics and techniques indicative of insider behavior. Smart SOAR's automation capabilities then kick in, extracting IOCs and comparing them against known threat intelligence. If the threat is verified, D3 activates a specialized playbook for insider threats, which includes steps for securing compromised accounts, assessing data exposure, and initiating necessary legal or HR protocols.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.