#1: Ticket Escalation
Service management tools like Jira aren’t the best way to handle security incidents, but they are nevertheless often used as a stopgap solution for security. They can also be effective as a queue for multiple teams, with the SOC team being just one of many. Unfortunately, this legacy solution is not suited to modern cyber attacks and does not take advantage of the possibilities for better security offered by SOAR.
To enable stronger security processes without completely reconfiguring their IT infrastructure, Jira users can escalate a request to incident status in D3 when it requires investigation by the SOC team. D3 can ingest the request information, including the assignee, description, priority, and comments, which might include threat intelligence that was added in Jira. An analyst can then review the incident in D3 and trigger the appropriate playbook.
While preserving existing IT and SOC workflows, this integration lets SOC teams give high-risk incidents the investigation they deserve. Conducting incident response in D3 SOAR, instead of Jira, adds the benefits of D3’s automation-powered playbooks, MITRE ATT&CK intelligence correlations, and security orchestration to every incident. D3 can also enrich the incident with additional threat intelligence, reputation lookups, and other valuable data via its 500+ other integrations.