Automated Alert Enrichment
When a security alert is generated by a SIEM, firewall, endpoint protection system, or any other security tool, it requires prompt investigation. However, large organizations regularly face thousands of alerts every day, far more than an analyst team can investigate by hand. Security teams need fast and accurate ways of separating genuine threats from false positives without requiring a lot of manual work.
D3 XGEN SOAR can take in alerts from any integrated system and determine which alerts require immediate attention. D3 parses the fields of each incoming alert and extracts the IOCs it contains. By integrating with Lastline Analyst, D3 operators can check those IOCs, such as implicated IP addresses and domains, and receive a risk score report. Lastline’s analysis can be automatically attached to the incident in D3 for at-a-glance evaluation by the user.
Incorporating Lastline’s advanced analysis into D3 workflows allows for faster triage of events, which keeps security teams focused on the threats that matter instead of chasing after false positives. When a genuine threat is identified, having Lastline’s report at your fingertips lets you launch the appropriate automation-powered playbook in D3 and take immediate action to remediate the risk.
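The enrichment flow described in the two paragraphs above (extract IOCs from an alert, score them against a reputation source, attach the result to the incident, pick a playbook) as an added, self-contained example. This is not D3's or Lastline's code and does not use their APIs: the alert is constructed, `lookup_risk` is a hypothetical stand-in for a Lastline Analyst risk-score query, and the score thresholds and playbook names are assumptions chosen for illustration.

```python
import ipaddress
import re

# Constructed sample alert in the shape a SIEM or EDR might emit (not real data).
SAMPLE_ALERT = {
    "id": "ALERT-1001",
    "source": "edr",
    "message": (
        "Outbound connection from 10.0.5.23 to 203.0.113.45:443 "
        "(host evil-updates.example) matched rule: suspicious beaconing; "
        "also resolved cdn.example.org"
    ),
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

# RFC 1918 and loopback ranges: internal addresses carry no reputation signal,
# so they are dropped before any lookup. Checked explicitly rather than via
# ip.is_private, which also flags documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def extract_iocs(text):
    """Pull external IPv4 addresses and domain names out of free-text alert data."""
    ips, domains = set(), set()
    for candidate in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an address
            continue
        if not is_internal(ip):
            ips.add(str(ip))
    for candidate in DOMAIN_RE.findall(text):
        domains.add(candidate.lower())
    return {"ip": sorted(ips), "domain": sorted(domains)}


# Hypothetical reputation data standing in for a Lastline risk-score report.
# Constructed for this example; a real integration would query the service.
FAKE_REPUTATION = {
    "203.0.113.45": {"score": 90, "tags": ["c2"]},
    "evil-updates.example": {"score": 75, "tags": ["malware-distribution"]},
}


def lookup_risk(indicator):
    """Stand-in for a risk-score lookup; unknown indicators score 0."""
    return FAKE_REPUTATION.get(indicator, {"score": 0, "tags": []})


# Assumed thresholds and playbook names, purely illustrative.
PLAYBOOKS = {"critical": "isolate-host-and-block-ioc", "high": "analyst-review", "low": "auto-close"}


def triage_priority(score):
    if score >= 80:
        return "critical"
    if score >= 50:
        return "high"
    return "low"


def enrich_alert(alert, lookup=lookup_risk):
    """Attach IOCs, per-indicator risk data, an overall score and a playbook to the alert."""
    iocs = extract_iocs(alert["message"])
    enrichment = {}
    for kind, values in iocs.items():
        for value in values:
            enrichment[value] = {"type": kind, **lookup(value)}
    # The incident inherits the worst score among its indicators.
    risk_score = max((e["score"] for e in enrichment.values()), default=0)
    priority = triage_priority(risk_score)
    return {
        **alert,
        "iocs": iocs,
        "enrichment": enrichment,
        "risk_score": risk_score,
        "priority": priority,
        "playbook": PLAYBOOKS[priority],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(enrich_alert(SAMPLE_ALERT), indent=2))
```

The `lookup` parameter is what you would replace with a real client call; keeping it injectable means the extraction and triage logic can be tested offline, and a service outage degrades to a score of 0 rather than breaking ingestion.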