Service management tools like Jira aren’t the best way to handle security incidents, but nevertheless they are often used as stopgap solution for security. They can also be effective as a queue for multiple teams, with the SOC team being just one of many. Unfortunately, this legacy solution is not suited to modern cyber attacks and does not take advantage of the possibilities for better security offered by SOAR.
In order to enable stronger security processes without completely reconfiguring their IT infrastructure, Jira users can escalate requests to incident status in D3 when the request requires investigation by the SOC team. D3 can ingest request information, including the assignee, description, priority, and comments, which might include threat intelligence that was added in JIRA. An analyst can review the incident in D3 and trigger the appropriate playbook.
While preserving existing IT and SOC workflows, this integration gives SOC teams the ability to give high-risk incidents the investigation they deserve. Conducting incident response in D3 SOAR, instead of JIRA, adds the benefits of D3’s automation-powered playbooks, MITRE ATT&CK intelligence correlations, and security orchestration to every incident. D3 can also enrich the incident with additional threat intelligence, reputation lookups, and other valuable data via its 500+ other integrations.
Depending on how an organization is set up, both in terms of personnel and technology, certain security tasks must be carried out by the IT team. Ideally the SOC team could use their SOAR platform to orchestrate tasks via integrated tools, but in reality, orchestration might also require communicating between teams to carry out security workflows. In order to carry out this collaboration quickly enough to keep up with the pace of security incidents, organizations need tools that increase efficiency.
In organizations where the IT team uses Jira and the SOC team uses D3, D3 can create requests in Jira to assign IT-related security tasks. These might include blocking an IP, quarantining an endpoint, scheduling a patch, or scheduling a vulnerability scan. The D3 user can set the fields they wish to populate in the Jira ticket, such as the ticket number, priority, IP address, endpoint info, and the assigned user or team.
By linking your service management and SOAR solutions, your IT and SOC teams can collaborate while working in the tool they are comfortable with. SOC teams can place requests directly into the IT team’s queue, instead of sending a request by email and hoping for a response. The result is faster coordinated actions across the organization that avoid the common pitfalls of miscommunication.
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.