Endpoint MalOp Response Automation
When Cybereason detects a potential endpoint incident, D3 can retrieve the highly detailed MalOp for investigation. D3 then enriches the MalOp with threat intelligence and past incident data, and gathers additional information from Cybereason by querying sensors, users, files, processes, domains, and more. If the MalOp is deemed a true positive, D3 can trigger an automated response playbook that orchestrates a response across the security environment, including actions in Cybereason such as killing processes and isolating affected machines. When the response is complete, the D3 playbook can update the MalOp status in Cybereason with the results.