FireEye Integration

XGEN SOAR Integration

D3’s numerous integrations with FireEye allow you to streamline SecOps and IR workflows, reduce manual coordination, and augment the power of your existing tools. With D3 acting as a hub for endpoint, network, and email security alerts, all potential incidents can be enriched with threat intelligence, run through D3’s MITRE ATT&CK discovery process, and remediated at machine speeds. D3 also integrates with FireEye Malware Analysis for safe analysis of phishing attacks and possible malicious files.



Integration Capabilities
FireEye Helix: Ingest events to D3 for analysis, enrichment, and automated response.
FireEye ETP / FireEye EX: Ingest email security alerts and orchestrate actions such as retrieving messages and quarantining emails.
FireEye HX: Automatically update watchlists, block hashes, quarantine endpoints and send reports.
FireEye NX: Ingest network security alerts to trigger D3 playbooks that automate and orchestrate tasks across your security infrastructure.
FireEye AX / FireEye Detection On Demand: Upload and detonate suspicious files, and retrieve reports to enrich D3 incidents.
FireEye CM: Enrich D3 incidents with threat intelligence on IOCs.

Key Use Case

#1: Incident Response Automation

D3 can ingest alerts from FireEye Helix, FireEye HX, FireEye NX, and FireEye EX, and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. D3 can then trigger an automated response playbook or guide human analysts efficiently through manual steps, all within a single window. When FireEye alerts trigger D3’s automated workflows and full-lifecycle playbooks for incident response, analysts no longer have to manually coordinate dozens of triage and response tasks. Response occurs in seconds, not hours.

#2: Potential Phishing Incident Analysis

With D3’s integrations with FireEye, when a phishing attempt is reported to the SOC, an analyst can trigger an automated phishing playbook in D3 that parses out the elements of the email, including the potentially malicious attached file. The file is then uploaded to FireEye’s malware analysis sandbox for analysis and risk scoring. If it is confirmed as a genuine incident, D3 can then orchestrate the appropriate actions in other FireEye tools.