The Cybereason Platform moves beyond alerting with operation-centric security that leverages the Cybereason MalOp for multi-stage visualizations of attack sequences that are context-rich and correlated from root cause across every affected device and user.
NextGen SOAR Integration
D3’s feature-rich integration with Cybereason enables incident responders and threat hunters to benefit from Cybereason’s MalOps—which provide fully contextualized pictures of attacks, instead of piecemeal alerts—while also being able to query virtually anything across the platform. When endpoint incidents are responded to in D3, the playbook can orchestrate remediation across endpoints via the integration with Cybereason.
Aggregate MalOp feeds in D3 for analysis and investigation
Orchestrate response actions from D3 playbooks, such as remediating processes, killing processes, and isolating hosts
Update IOC reputations and categories, and prevent malicious IOCs from executing
Run queries across the Cybereason Platform to retrieve data from sensors, MalOps, processes, and more
Key Use Cases
Endpoint MalOp Response Automation
When Cybereason detects a potential endpoint incident, D3 can retrieve the highly detailed MalOp for investigation. D3 then enriches the MalOp with threat intelligence and past incident data, and gathers additional information from Cybereason by querying sensors, users, files, processes, domains, and more. If the MalOp is deemed a true positive, D3 can trigger an automated response playbook that orchestrates a response across the security environment, including actions in Cybereason such as killing processes and isolating affected machines. When the response is complete, the D3 playbook can update the MalOp status in Cybereason with the results.
IOC Update Orchestration
If D3 determines an IOC to be malicious, either through integrated threat intelligence sources or the result of an incident investigation, it can orchestrate the appropriate updates in Cybereason to protect against the threat. D3 can set the IOC reputation, assign it to a category (e.g. virus or blacklist), and—if the IOC is a file—prevent it from executing.
Meet Our Friends
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.