Cybereason: SOAR Integration Guide, Use Cases

Platform
- - - Platform
      
      The Smart SOAR platform delivers the automation capabilities you need to outpace and outthink cyber threats.
      
      Smart SOAR for Enterprise
      
      Smart SOAR for MSSP
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Why D3 Security?
- - - Why Smart SOAR?
      
      D3 Security is the leader in security automation and incident response.
      
      Smart SOAR for Enterprise
      
      Smart SOAR for MSSP
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Solutions
- - - Solutions
      
      Next-generation SOAR technology with flexibility and expertise tailored to the needs of your organization.
    - SOAR Implementation Service
    - SOAR Replacement Service
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Partners
- - - Partners
      
      See how D3 Security works with our partners to enable seamless multi-vendor security orchestration and incident response.
    - Integrations
    - Sales Channel
    - Become a Partner
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Resources
- - - Resources
      
      The source for the latest D3 Security content and SOAR reports, including case studies, data sheets, and webinars.
    - Gartner SOAR Market Guide
      
      Learn what Gartner says about SOAR strategies and vendors.
      
      GET NOW
Company
- - - Company
      
      Get a behind-the-scenes look at D3 Security . Learn about our mission, leadership and careers. We’re hiring!
    - Get started with D3 Security
      
      Want to see us in action? You can get started with SOAR today.
      
      Get Started
Get a Demo

Smart SOAR Integration

D3’s feature-rich integration with Cybereason enables incident responders and threat hunters to benefit from Cybereason’s MalOps—which provide fully contextualized pictures of attacks, instead of piecemeal alerts—while also being able to query virtually anything across the platform. When endpoint incidents are responded to in D3, the playbook can orchestrate remediation across endpoints via the integration with Cybereason.

Integration Features

Amalgamate MalOps feeds in D3 for analysis and investigation

Orchestrate response actions from D3 playbooks, such as remediating processes, killing processes, and isolating hosts

Update IOC reputations and categories, and prevent malicious IOCs from executing

Run queries across the Cybereason Platform to retrieve data from sensors, MalOps, processes, and more

Key Use Case

Endpoint MalOp Response Automation

When Cybereason detects a potential endpoint incident, D3 can retrieve the highly detailed MalOp for investigation. D3 then enriches the MalOp with threat intelligence and past incident data, as well as gathering additional information from Cybereason by querying sensors, users, files, processes, domains, and more. If the MalOp is deemed a true positive, D3 can trigger an automated response playbook that orchestrates a response across the security environment, including actions in Cybereason such as killing processes and isolating affected machines. When the response is complete, the D3 playbook can update the MalOp status in Cybereason with the results.

IOC Update Orchestration

If D3 determines an IOC to be malicious, either through integrated threat intelligence sources or the result of an incident investigation, it can orchestrate the appropriate updates in Cybereason to protect against the threat. D3 can set the IOC reputation, assign it to a category (e.g. virus or blacklist), and—if the IOC is a file—prevent it from executing.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.