Analysts can enrich alerts in D3 with Chronicle’s detailed analytics and threat intelligence. This will reveal important context around indicators such as IP addresses and domains, which can then inform D3’s orchestration of response actions across the environment. Chronicle enrichment can be added as an automated action in D3’s codeless playbook editor.
Chronicle can provide rich security telemetry and identify possible threats, but it is not suitable for complex investigations. Using D3’s case management capabilities, analysts can assemble multiple events and indicators into a larger investigation, and query Chronicle for contextual data as needed. D3’s MITRE ATT&CK correlation capabilities help reveal the kill chain of an attack, which can then be used to focus the search for threats across Chronicle.