Elastic + D3 Morpheus
Automated Investigations Powered by Rich Data and Analytics
Elastic provides the world’s leading open-source search and analytics solution. Predefined queries in Elastic can generate alerts that are escalated to Morpheus for investigation of possible security concerns. Morpheus can also enrich events from other sources by querying Elastic for additional context.
Benefits and Capabilities
SecOps teams around the globe rely on Elastic to detect, contain, and respond to threats. Many of these same teams use D3’s Morpheus solution, allowing them to rapidly orchestrate incident response, automate additional queries, and enrich triggered alerts. Leading enterprises and MSSPs make use of Elastic’s native integration with Morpheus for many valuable tasks, including:
- Triggering automated playbooks from detections in Elastic
- Enriching triggered alerts with threat intelligence and ATT&CK TTPs
- Leveraging Morpheus to automate traditional Tier 1 busywork
- Performing automation-powered incident response and hunts
Use Case 1
Alert Escalation and Enrichment
By combining Elastic for search and analytics with D3 Morpheus for incident enrichment and response, you can automatically escalate real threats to incident status in Morpheus and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation.
- Use predefined Elastic queries as the conditions to trigger an automation-powered playbook in Morpheus for fast and consistent triage and response.
- Elastic alerts can trigger Morpheus’s automated workflows and full-lifecycle playbooks for incident response.
- Analysts no longer have to manually coordinate dozens of triage and response tasks.
Use Case 2
Anomaly Management and Automated Incident Response
Elastic’s analytics are designed to detect any network anomalies that may occur. When an irregular activity is identified, it triggers an incident response in Morpheus, which then evaluates the activity against both internal and external threat intelligence tools to ensure that necessary remediation actions are taken.
- Actions may include network isolation and updating firewall rules.
- Combine Elastic’s detection capabilities with Morpheus’s automated response.
- Ensure quick and effective security incident management.
Why Morpheus?
Joint users of Microsoft Security tools and D3 Morpheus don’t just get the capabilities we’ve described; they also get the countless other features that make Morpheus the leading autonomous SOC solution, including:
Expert-built AI-ready integrations across the stack
Tier 1–3 automation, based on deep research into the capabilities of common tools
Hyperpipe, which reduces alert volume by up to 98%
Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Elastic Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.
