Smart SOAR Integration

Integrating D3 and Chronicle enables a combined analytic and investigative solution that can scale with no added cost. Chronicle normalizes, indexes, correlates and analyzes security data and threat intelligence to create curated dashboards that help security analysts identify and make sense of suspicious activity in their environment. D3 can leverage that internal and external intelligence to investigate and remediate threats.

Chronicle Integration

Integration features

Turn threats identified in Chronicle into automation-powered response in D3
Automate queries of Chronicle data in D3 playbooks
Run thousands of commands from the D3 console
Map threats from Chronicle using the MITRE ATT&CK framework

Key Use Cases

#1: Incident Enrichment

Analysts can enrich alerts in D3 with Chronicle’s detailed analytics and threat intelligence. This will reveal important context around indicators such as IP addresses and domains, which can then inform D3’s orchestration of response actions across the environment. Chronicle enrichment can be added as an automated action in D3’s codeless playbook editor.

#2: Complex Investigations

Chronicle can provide rich security telemetry and identify possible threats, but it is not suitable for complex investigations. Using D3’s case management capabilities, analysts can assemble multiple events and indicators into a larger investigation, and query Chronicle for contextual data as needed. D3’s MITRE ATT&CK correlation capabilities help reveal the kill chain of an attack, which can then be used to focus the search for threats across Chronicle.
