Smart SOAR Integration

A feature-rich integration with the CrowdStrike Falcon platform makes Smart SOAR the perfect command center for intaking events, detonating malicious files, and orchestrating actions across endpoints. D3’s automation-powered playbooks, integrated MITRE ATT&CK framework, and deep investigative capabilities bring effective and repeatable workflows to all endpoint events.

Integration features

Orchestrate more than 25 actions in CrowdStrike Falcon from Smart SOAR
Automate enrichment of events with threat intelligence from Falcon Intelligence and other sources
Correlate events against the MITRE ATT&CK matrix to reveal adversarial intent
Detonate suspicious files in Falcon Sandbox

Key Use Case


Compromised Endpoint Remediation

When a compromised endpoint is detected, Smart SOAR enriches the alert with threat intelligence from Falcon X and other sources to get a risk score. If the file is not conclusively known to be malicious, Smart SOAR then queries the compromised endpoint via Falcon Endpoint Protection to download the file, where it can then be detonated in Falcon Sandbox for analysis. If the file is determined to be malicious, Smart SOAR can then query other endpoints to find any other instances of the file. Having now identified the full extent of the compromise, the analyst can use Smart SOAR to orchestrate actions across the affected endpoints, such as to remove the file, block the hash, kill processes, or quarantine the endpoint.

Automated Behavioral Analysis and Remediation

Upon receiving an alert, Smart SOAR gathers additional context, including user account details and file access patterns, and cross-references this with external threat intelligence to assess threat credibility. High-severity threats trigger immediate endpoint isolation and a deeper investigation using CrowdStrike's analysis tools. Smart SOAR then automates remediation actions, such as terminating malicious processes, quarantining affected files, and resetting compromised credentials.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.

X CrowdStrike Falcon Endpoint Protection Integration

Get Started with D3 Security

One platform to stop alert overwhelm. Transform how your security team works, by focusing its resources on real threats.