Google Cloud Integration

XGEN SOAR Integration

Integrating D3 and Chronicle enables a combined analytic and investigative solution that can scale with no added cost. Chronicle normalizes, indexes, correlates, and analyzes security data and threat intelligence to create curated dashboards that help security analysts identify and make sense of suspicious activity in their environment. D3 can leverage that internal and external intelligence to investigate and remediate threats. D3's other Google integrations enable full management of security for Google Cloud environments.
Integration Capabilities

Chronicle: Ingest Chronicle alerts for automated enrichment, lightning-fast response, and deep investigations.
Gmail: Ingest suspicious emails for investigation, and orchestrate tasks to retrieve user lists, manage users, and more.
Google Cloud Compute: Get info on cloud instances to monitor resources and maintain virtual environment security.
Google Resource Manager: Manage project items.
Google Safe Browsing: Look up URL reputations.
Google DLP: Ingest alerts, create jobs, and retrieve results.
Google Drive: Upload, download, and delete files.
Google Cloud Storage: Offload data from D3 into cloud storage.
Google BigQuery: Search across your stored data, such as logs.
Google Search: Conduct Google searches straight from D3.

Key Use Case #1: Incident Enrichment

D3 and Chronicle users can enrich alerts in D3 with Chronicle’s rich security data, giving them valuable intelligence related to indicators like IP addresses and domains. Chronicle enrichment can be added to D3’s codeless playbooks as a drag-and-drop automated action. D3 can then orchestrate the appropriate response to the threat across the entire environment. The integration takes advantage of the full suite of API calls offered by Chronicle, ensuring that the joint solution has maximal functionality.
Key Use Case #2: Potential Phishing Incident Analysis

When a phishing attempt is reported to the SOC, D3 can trigger an automated phishing playbook that parses out the elements of the email, including potentially malicious URLs. The URLs are then checked against Google Safe Browsing. Other indicators are checked against third-party threat intelligence, Chronicle data, the MITRE ATT&CK Matrix, and historical incident data. If the email is confirmed as a genuine incident, D3 can then orchestrate the appropriate response actions across Gmail and other integrated tools.
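The first two steps of the phishing playbook described above, parsing the reported email for URLs and checking them against Google Safe Browsing, as an added example in Python. This is illustration code written for this page, not D3's playbook implementation or Google's client library. The sample message and the Safe Browsing response are constructed; the `clientId` value and the `fake_safe_browsing_lookup` stand-in are assumptions so the example runs offline. The request and response shapes follow the Safe Browsing Lookup API v4 `threatMatches:find` method, where an empty JSON object means no match.

```python
import email
import re
from email import policy
from typing import Callable, Dict, List

# Constructed sample message (not real mail): a phishing report forwarded to the SOC.
SAMPLE_EML = b"""From: "IT Helpdesk" <helpdesk@example.net>
To: analyst@example.com
Subject: Password expiry notice
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset it at http://example-reset.test/login?u=1
Questions? See https://www.example.com/help

--b1
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://example-reset.test/login?u=1">Reset now</a>
<a href="https://cdn.example.org/logo.png">logo</a></body></html>
--b1--
"""

# Stops at whitespace, quotes and closing brackets so hrefs and bracketed URLs come out clean.
URL_RE = re.compile(r"""https?://[^\s"'<>)\]]+""", re.IGNORECASE)

SAFE_BROWSING_ENDPOINT = "https://safebrowsing.googleapis.com/v4/threatMatches:find"
THREAT_TYPES = ["MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE",
                "POTENTIALLY_HARMFUL_APPLICATION"]


def extract_urls(raw: bytes) -> List[str]:
    """Parse an RFC 822 message and return the de-duplicated URLs found in its
    text/plain and text/html parts, in first-seen order."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    seen, urls = set(), []
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        for url in URL_RE.findall(part.get_content()):
            url = url.rstrip(".,;")  # trailing sentence punctuation is not part of the URL
            if url not in seen:
                seen.add(url)
                urls.append(url)
    return urls


def build_lookup_request(urls: List[str], client_id: str = "d3-phishing-playbook",
                         client_version: str = "1.0") -> Dict:
    """Build the JSON body for a Safe Browsing Lookup API v4 threatMatches:find call.
    The clientId/clientVersion values are assumed identifiers for this example."""
    return {
        "client": {"clientId": client_id, "clientVersion": client_version},
        "threatInfo": {
            "threatTypes": THREAT_TYPES,
            "platformTypes": ["ANY_PLATFORM"],
            "threatEntryTypes": ["URL"],
            "threatEntries": [{"url": u} for u in urls],
        },
    }


def triage_lookup_response(urls: List[str], response: Dict) -> Dict[str, str]:
    """Map each submitted URL to a verdict: the matched threatType, or "CLEAN" when
    the API returned no match for it (an empty object means nothing matched)."""
    verdicts = {u: "CLEAN" for u in urls}
    for match in response.get("matches", []):
        verdicts[match["threat"]["url"]] = match["threatType"]
    return verdicts


def triage_email(raw: bytes, lookup: Callable[[Dict], Dict]) -> Dict[str, str]:
    """Run the two playbook steps end to end; `lookup` performs the API call."""
    urls = extract_urls(raw)
    if not urls:
        return {}
    return triage_lookup_response(urls, lookup(build_lookup_request(urls)))


def fake_safe_browsing_lookup(body: Dict) -> Dict:
    """Constructed stand-in for the HTTP call so the example runs offline. A real
    playbook would POST `body` to SAFE_BROWSING_ENDPOINT with ?key=<API key>."""
    flagged = [e["url"] for e in body["threatInfo"]["threatEntries"]
               if "example-reset.test" in e["url"]]
    return {"matches": [{"threatType": "SOCIAL_ENGINEERING", "platformType": "ANY_PLATFORM",
                         "threatEntryType": "URL", "threat": {"url": u},
                         "cacheDuration": "300s"} for u in flagged]}


if __name__ == "__main__":
    for url, verdict in triage_email(SAMPLE_EML, fake_safe_browsing_lookup).items():
        print(f"{verdict:20} {url}")
```

Two practitioner caveats: the Lookup API sends the full URL to Google, so for URLs that may carry sensitive query strings the hash-prefix Update API is the more private choice; and a "CLEAN" verdict is only as fresh as the match's `cacheDuration`, so it should not be cached longer than that before the indicator moves on to the third-party and Chronicle checks the paragraph describes.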