#1: Threat Hunting
Many security teams find that they have access to an abundance of valuable threat intelligence reports, but fail to act on most of that intelligence because they do not have the necessary workflows in place. With D3 and Digital Shadows, you can create an automated process for ingesting threat intelligence reports, assessing their risk, and hunting for IOCs and vulnerabilities in your environment.
In D3, users can set up a scheduled utility command to retrieve threat reports from integrated threat intelligence platforms (TIPs), such as Qualys, on a weekly cadence (or whatever cadence the reports are published on). D3 then parses each report and extracts the details, including any CVEs. Each CVE is sent to Digital Shadows SearchLight to retrieve the CVSS score, a risk score, and the MITRE ATT&CK TTPs involved. The analyst can then quickly assess the risk level and trigger the appropriate threat hunting playbook. This might include running a scan in an integrated threat and vulnerability management (TVM) tool for vulnerabilities in the report, searching an integrated SIEM for IOCs, and generating notifications to close any known vulnerabilities.
The combined solution of D3 and Digital Shadows creates an almost entirely automated process for operationalizing threat intelligence, threat hunting, and vulnerability management. This helps to ensure that important threat reports are always acted on immediately, not just when someone has the time to look into them.