Smart SOAR Integration

D3’s feature-rich integration with Cybereason enables incident responders and threat hunters to benefit from Cybereason’s MalOps—which provide fully contextualized pictures of attacks, instead of piecemeal alerts—while also being able to query virtually anything across the platform. When an endpoint incident is handled in Smart SOAR, the playbook can orchestrate remediation across endpoints through the Cybereason integration.

Cybereason Integration

Integration Features

Amalgamate MalOps feeds in Smart SOAR for analysis and investigation
Orchestrate response actions from Smart SOAR playbooks, such as remediating processes, killing processes, and isolating hosts
Update IOC reputations and categories, and prevent malicious IOCs from executing
Run queries across the Cybereason Platform to retrieve data from sensors, MalOps, processes, and more

Key Use Cases

#1

Endpoint MalOp Response Automation

When Cybereason detects a potential endpoint incident, Smart SOAR can retrieve the highly detailed MalOp for investigation. Smart SOAR then enriches the MalOp with threat intelligence and past incident data, and gathers additional information from Cybereason by querying sensors, users, files, processes, domains, and more. If the MalOp is deemed a true positive, Smart SOAR can trigger an automated playbook that orchestrates a response across the security environment, including actions in Cybereason such as killing processes and isolating affected machines. When the response is complete, the Smart SOAR playbook can update the MalOp status in Cybereason with the results.

#2

IOC Update Orchestration

If Smart SOAR determines an IOC to be malicious, either through integrated threat intelligence sources or the result of an incident investigation, it can orchestrate the appropriate updates in Cybereason to protect against the threat. Smart SOAR can set the IOC reputation, assign it to a category (e.g. virus or blacklist), and—if the IOC is a file—prevent it from executing.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.
