Smart SOAR Integration

D3’s numerous integrations with Trellix (formerly FireEye) allow you to streamline SecOps and IR workflows, reduce manual coordination, and augment the power of your existing tools. With D3 acting as a hub for endpoint, network, and email security alerts, all potential incidents can be enriched with threat intelligence, run through D3’s MITRE ATT&CK discovery process, and remediated at machine speeds. D3 also integrates with FireEye Malware Analysis for safe analysis of phishing attacks and possible malicious files.

Trellix Integration
Integration: Capabilities
Trellix Helix: Ingest events to D3 for analysis, enrichment, and automated response.
Trellix ETP / Trellix EX: Ingest email security alerts and orchestrate actions such as retrieving messages and quarantining emails.
Trellix HX: Automatically update watchlists, block hashes, quarantine endpoints and send reports.
Trellix NX: Ingest network security alerts to trigger D3 playbooks that automate and orchestrate tasks across your security infrastructure.
Trellix AX / FireEye Detection On Demand: Upload and detonate suspicious files, and retrieve reports to enrich D3 incidents.
Trellix CM: Enrich D3 incidents with threat intelligence on IOCs.

Key Use Cases

#1: Incident Response Automation

D3 can ingest alerts from Trellix Helix, Trellix HX, Trellix NX, and Trellix EX, and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. D3 can then trigger an automated response playbook or guide human analysts efficiently through manual steps, all within a single window. When FireEye alerts trigger D3’s automated workflows and full-lifecycle playbooks for incident response, analysts no longer have to manually coordinate dozens of triage and response tasks. Response occurs in seconds, not hours.

#2: Potential Phishing Incident Analysis

With D3’s integrations with FireEye, when a phishing attempt is reported to the SOC, an analyst can trigger an automated phishing playbook in D3 that parses out the elements of the email, including the potentially malicious attached file. The file is then uploaded to Trellix's malware analysis sandbox for analysis and risk scoring. If it is confirmed as a genuine incident, D3 can then orchestrate the appropriate actions in other FireEye tools.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.

Get Started with D3 Security

One platform to stop alert overwhelm. Transform how your security team works by focusing its resources on real threats.