XGEN SOAR Integration

D3’s integrations with Cisco allow you to streamline SecOps and IR workflows, reduce manual coordination, operationalize the MITRE ATT&CK framework, and fully leverage existing tool investments. By using D3 to centralize, enrich, and correlate Cisco threat intelligence and contextual data, you make that data more actionable for your SOC. With D3’s Cisco integrations, you can automate SOC tasks that execute across Firepower Management Center, Threat Grid, and the rest of your security tools.

Integration Capabilities

Cisco AMP Endpoint Security: D3 ingests events from AMP Endpoint Security and orchestrates actions including managing file lists and retrieving endpoint and group information.
Cisco Meraki: D3 enables network security management through Meraki by orchestrating firewall rules, updating and removing devices, and retrieving data for investigations.
Cisco SecureX Threat Response: D3 ingests SecureX Threat Response's aggregated threat intelligence to enrich IOCs with reputation information.
Cisco Threat Grid: D3 uses Threat Grid to detonate potentially malicious files and ingest the resulting threat data.
Cisco Umbrella: D3 integrates with Umbrella's Investigate and Enforcement APIs to ingest numerous threat intelligence fields, including detailed domain information.

Key Use Cases

#1: Automation-Powered Incident Response

Integrating D3 SOAR with your Cisco tools enables you to enrich alerts with valuable contextual data, including Cisco Umbrella Investigate threat intelligence and correlated MITRE ATT&CK matrix techniques, to inform decisions and determine the next steps. D3 can then trigger a response playbook that orchestrates tasks across your security infrastructure, such as blocking malicious IPs, URLs, and applications across your network and firewall.

#2: Potential Phishing Incident Analysis

When a phishing attempt is reported to the SOC, an analyst can trigger an automated phishing playbook in D3 that parses out the elements of the email, including the potentially malicious attached file. The file is then uploaded to Threat Grid for detonation and analysis. If it is confirmed as a genuine incident, D3 can then run the appropriate response playbook.
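The parse-detonate-respond flow of use case #2, as an added Python sketch that is not D3's or Cisco's code: it pulls the sender, URLs and attachments out of a reported email, hashes each attachment for sandbox lookup, and maps the verdict to playbook actions. The sample message and the verdict dictionary are constructed stand-ins; the Threat Grid submission itself is not shown.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def build_sample_report() -> bytes:
    """Constructed stand-in for an email a user reported to the SOC."""
    msg = EmailMessage()
    msg["From"] = "Payroll <payroll@lookalike.invalid>"
    msg["To"] = "analyst@corp.invalid"
    msg["Subject"] = "Updated invoice"
    msg.set_content("Please review http://lookalike.invalid/invoice today.")
    msg.add_attachment(b"constructed sample, not real malware",
                       maintype="application", subtype="octet-stream",
                       filename="invoice.exe")
    return msg.as_bytes()


def parse_report(raw: bytes) -> dict:
    """Extract the elements the playbook enriches: sender, URLs, attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    urls, attachments = [], []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True)
            attachments.append({"filename": part.get_filename(),
                                "sha256": hashlib.sha256(data).hexdigest()})
        elif part.get_content_type() == "text/plain":
            urls.extend(URL_RE.findall(part.get_content()))
    return {"sender": str(msg["From"]), "subject": str(msg["Subject"]),
            "urls": urls, "attachments": attachments}


def plan_response(report: dict, verdicts: dict) -> list:
    """Turn sandbox verdicts (keyed by sha256, a constructed stand-in for the
    detonation result) into the response actions the playbook would run."""
    actions = []
    for att in report["attachments"]:
        if verdicts.get(att["sha256"]) == "malicious":
            actions.append(f"quarantine:{att['filename']}")
            actions.extend(f"block_url:{u}" for u in report["urls"])
            actions.append(f"block_sender:{report['sender']}")
    return actions or ["close:no_malicious_verdict"]
```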
