Smart SOAR Integration

Smart SOAR boasts 14 feature-rich integrations with Cisco Security products, providing myriad options for automation-powered incident response. When combined with the power of the Cisco Security suite, Smart SOAR acts as a centralized hub for analysis and orchestration across endpoints, network security, email security, threat intelligence enrichment, and much more.

Integration Capabilities
Cisco Secure Endpoint: Smart SOAR ingests events from Secure Endpoint and orchestrates actions including managing file lists and retrieving endpoint and group information.
Cisco Adaptive Security Appliance: Smart SOAR users can orchestrate network security actions through Cisco ASA, such as blocking IPs and URLs.
Cisco Email Security: Smart SOAR users can defend against phishing attacks by orchestrating actions in Email Security, such as deleting messages, getting details on suspicious messages, and pulling reports.
Cisco Meraki: Smart SOAR enables network security management through Meraki by orchestrating firewall rules, updating and removing devices, and retrieving data for investigations.
Cisco SecureX Threat Response: Smart SOAR ingests SecureX threat response’s aggregated threat intelligence to enrich IOCs with reputation information.
Cisco Threat Grid: Smart SOAR uses Threat Grid to detonate potentially malicious files and ingest threat data.
Cisco Umbrella Investigate & Enforcement: Smart SOAR integrates with Umbrella’s Investigate & Enforcement API to ingest numerous threat intelligence fields, including detailed domain information.

Key Use Cases

#1

Automation-Powered Incident Response

In this use case, Cisco Secure Endpoint (SE) and Adaptive Security Appliance (ASA) are used to enrich, contain, and recover from a security incident. Smart SOAR can fetch events on a set schedule from Cisco SE, where they are enriched with more data about endpoints, the network, and relevant policies. If the collected information indicates a breach, the Smart SOAR playbook can then quarantine the infected device and prevent any communication with suspicious targets from the network. Once the issue has been addressed and remediated, Smart SOAR’s recovery phase playbooks will bring devices back online and unblock artifacts, thereby restoring normal operations.
#2

Phishing Analysis and Response

When a potential phishing attempt is detected, Smart SOAR runs an automated phishing playbook that parses out the elements of the email, including the potentially malicious attached file. The elements can be looked up in SecureX Threat Response and other sources to assess the threat. The attachment can then be uploaded to Threat Grid for detonation and analysis. If it is confirmed as a genuine incident, Smart SOAR can use Cisco Email Security and Adaptive Security Appliance to delete the message, block the sender, and block the URL.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.
