Integrating D3 and Chronicle enables a combined analytic and investigative solution that can scale with no added cost. Chronicle normalizes, indexes, correlates and analyzes security data and threat intelligence to create curated dashboards that help security analysts identify and make sense of suspicious activity in their environment. D3 can leverage that internal and external intelligence to investigate and remediate threats.
Analysts can enrich alerts in D3 with Chronicle’s detailed analytics and threat intelligence. This will reveal important context around indicators such as IP addresses and domains, which can then inform D3’s orchestration of response actions across the environment. Chronicle enrichment can be added as an automated action in D3’s codeless playbook editor.
Chronicle provides rich security telemetry and can surface possible threats, but it is not designed for managing complex investigations. Using D3’s case management capabilities, analysts can assemble multiple events and indicators into a larger investigation and query Chronicle for contextual data as needed. D3’s MITRE ATT&CK correlation capabilities help reveal the kill chain of an attack, which can then be used to focus the search for related activity across Chronicle.