#2:
Kill Chain Investigations
D3 has embedded the entire MITRE ATT&CK matrix into its SOAR platform, so when a LogRhythm event is ingested, D3 can parse out the elements and correlate them against the criteria for ATT&CK’s hundreds of techniques. The techniques that are detected will start to form the “kill chain” of the incident, which the analyst can visually represent in D3’s dashboards. Having identified the elements of the incident, D3 has narrowed the necessary search range to find events that are part of the same incident. D3 then runs automated searches across LogRhythm data, based on the known IOCs and techniques. D3 can then use this data to further build out the kill chain of the incident, which can be managed holistically using D3’s case management capabilities.