Datadog’s Application Performance Monitoring (APM) solution can detect IT and security issues from across integrated cloud applications, networks, and infrastructure. While these solutions can generate analytics and integrate with communication tools like Slack to help coordinate response, they do not have a true incident response capability. The integration with D3 fills this gap by turning Datadog’s comprehensive information into automation-powered playbooks with full enrichment, orchestrated actions, and proven workflows for everything from cloud service outages to security breaches.
Cryptomining scripts can potentially be detected by Amazon GuardDuty and that information can be forwarded to Datadog—or Datadog APM could detect the drop in performance from the hijacked machine—but neither tool has the ability to fully investigate and remediate the threat on its own. D3 can retrieve the event, run it through MITRE ATT&CK correlation to identify tactics and techniques, and extract IOCs to compare against third-party threat intelligence to determine risk. Based on this information, the user can escalate the event to an incident if further investigation is required. D3 has a prebuilt automation-powered playbook for cryptojacking, which includes domain analysis and EC2 instance analysis.
By combining Datadog Security Monitoring for threat detection with D3 SOAR for incident enrichment and response, you can automatically escalate security threats to D3 and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. D3 can then trigger an automated response playbook or guide human analysts efficiently through manual steps, all within a single window.
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.