CrowdStrike Falcon: Smart SOAR Integration Guide

Platform
- - - Platform
      
      The Smart SOAR platform delivers the automation capabilities you need to outpace and outthink cyber threats.
      
      Smart SOAR for Enterprise
      
      Smart SOAR for MSSP
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Why D3 Security?
- - - Why Smart SOAR?
      
      D3 Security is the leader in security automation and incident response.
      
      Smart SOAR for Enterprise
      
      Smart SOAR for MSSP
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Solutions
- - - Solutions
      
      Next-generation SOAR technology with flexibility and expertise tailored to the needs of your organization.
    - SOAR Implementation Service
    - SOAR Replacement Service
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Partners
- - - Partners
      
      See how D3 Security works with our partners to enable seamless multi-vendor security orchestration and incident response.
    - Integrations
    - Sales Channel
    - Become a Partner
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Resources
- - - Resources
      
      The source for the latest D3 Security content and SOAR reports, including case studies, data sheets, and webinars.
    - Gartner SOAR Market Guide
      
      Learn what Gartner says about SOAR strategies and vendors.
      
      GET NOW
Company
- - - Company
      
      Get a behind-the-scenes look at D3 Security . Learn about our mission, leadership and careers. We’re hiring!
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Get a Demo

Smart SOAR Integration

A feature-rich integration with the CrowdStrike Falcon platform makes Smart SOAR the perfect command center for intaking events, detonating malicious files, and orchestrating actions across endpoints. D3’s automation-powered playbooks, integrated MITRE ATT&CK framework, and deep investigative capabilities bring effective and repeatable workflows to all endpoint events.

Integration features

Orchestrate more than 25 actions in CrowdStrike Falcon from Smart SOAR

Automate enrichment of events with threat intelligence from Falcon Intelligence and other sources

Correlate events against the MITRE ATT&CK matrix to reveal adversarial intent

Detonate suspicious files in Falcon Sandbox

CrowdStrike Falcon Endpoint Protection Integration

Key Use Case

Compromised Endpoint Remediation

When a compromised endpoint is detected, Smart SOAR enriches the alert with threat intelligence from Falcon X and other sources to get a risk score. If the file is not conclusively known to be malicious, Smart SOAR then queries the compromised endpoint via Falcon Endpoint Protection to download the file, where it can then be detonated in Falcon Sandbox for analysis. If the file is determined to be malicious, Smart SOAR can then query other endpoints to find any other instances of the file. Having now identified the full extent of the compromise, the analyst can use Smart SOAR to orchestrate actions across the affected endpoints, such as to remove the file, block the hash, kill processes, or quarantine the endpoint.

Automated Behavioral Analysis and Remediation

Upon receiving an alert, Smart SOAR gathers additional context, including user account details and file access patterns, and cross-references this with external threat intelligence to assess threat credibility. High-severity threats trigger immediate endpoint isolation and a deeper investigation using CrowdStrike's analysis tools. Smart SOAR then automates remediation actions, such as terminating malicious processes, quarantining affected files, and resetting compromised credentials.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.