By combining LogRhythm for threat detection with D3 SOAR for incident enrichment and response, you can automatically escalate real threats to incident status in D3 and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. D3 can then trigger an automated response playbook or guide human analysts efficiently through manual steps, all within a single window. When SIEM events trigger D3’s automated workflows and full-lifecycle playbooks for incident response, analysts no longer have to manually coordinate dozens of triage and response tasks. Response occurs in seconds, not hours.
D3 has embedded the entire MITRE ATT&CK matrix into its SOAR platform, so when a LogRhythm event is ingested, D3 can parse out its elements (hosts, users, processes, indicators) and correlate them against the criteria for ATT&CK’s hundreds of techniques. The techniques that are detected begin to form the “kill chain” of the incident, which the analyst can view as a visual representation in D3’s dashboards. Having identified the elements of the incident, D3 has narrowed the search range needed to find other events that belong to the same incident. D3 then runs automated searches across LogRhythm data, based on the known IOCs and techniques. D3 uses the results to further build out the kill chain of the incident, which can be managed holistically using D3’s case management capabilities.
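The workflow described above (ingest an alert, correlate its elements against ATT&CK technique criteria, pivot on the resulting indicators to pull in related SIEM events, and order the detected techniques into a kill chain) can be sketched in a few dozen lines. The block below is an added illustration written for this page; it is not D3's or LogRhythm's code and does not use their APIs. The alert schema, the correlation rules, the event store and the tactic ordering are all constructed assumptions; the technique IDs and names (T1566, T1059, T1003, T1021) are real ATT&CK entries, but the rules that map events onto them are deliberately simple stand-ins for a real detection engine.

```python
"""Added example (not D3's or LogRhythm's code): ingest -> ATT&CK-correlate ->
IOC pivot -> kill chain. Every field name, rule and event below is constructed
for illustration; a real SIEM/SOAR integration would use the vendor schemas."""
from dataclasses import dataclass

# Assumed subset of the Enterprise ATT&CK tactic order, used to sort the kill chain.
TACTIC_ORDER = ["initial-access", "execution", "persistence",
                "credential-access", "lateral-movement"]


def _has(alert, key, *needles):
    """True if the alert's field contains any of the needles (case-insensitive)."""
    value = str(alert.get(key, "")).lower()
    return any(n in value for n in needles)


# Hypothetical correlation rules: (predicate, technique id, technique name, tactic).
RULES = [
    (lambda a: _has(a, "event_type", "phish"),
     "T1566", "Phishing", "initial-access"),
    (lambda a: _has(a, "process", "powershell.exe", "cmd.exe"),
     "T1059", "Command and Scripting Interpreter", "execution"),
    (lambda a: _has(a, "process", "mimikatz") or _has(a, "target", "lsass.exe"),
     "T1003", "OS Credential Dumping", "credential-access"),
    (lambda a: _has(a, "event_type", "remote_logon"),
     "T1021", "Remote Services", "lateral-movement"),
]

# Constructed event store standing in for searchable SIEM data.
EVENTS = [
    {"id": 1, "event_type": "phish_click", "user": "jdoe", "src_ip": "203.0.113.7", "host": "WS01"},
    {"id": 2, "event_type": "process_start", "process": "powershell.exe", "user": "jdoe", "host": "WS01"},
    {"id": 3, "event_type": "process_start", "process": "mimikatz.exe", "user": "jdoe", "host": "WS01"},
    {"id": 4, "event_type": "remote_logon", "service": "smb", "user": "jdoe", "host": "SRV02", "src_ip": "10.0.0.5"},
    {"id": 5, "event_type": "process_start", "process": "notepad.exe", "user": "asmith", "host": "WS09"},
]
SEED_ALERT = EVENTS[2]  # the alert the SIEM escalated to the SOAR


@dataclass
class Incident:
    techniques: dict   # technique id -> (name, tactic)
    iocs: set          # pivot values (IPs, users, hashes) gathered so far
    events: list       # events pulled into the case


def correlate(alert):
    """Return the ATT&CK techniques whose rules match one alert."""
    return [(tid, name, tactic) for pred, tid, name, tactic in RULES if pred(alert)]


def extract_iocs(alert):
    """Pull the pivotable values out of an alert (assumed field names)."""
    return {alert[k] for k in ("src_ip", "user", "file_hash") if alert.get(k)}


def pivot_search(event_store, iocs):
    """Automated search: events that share at least one IOC with the incident."""
    return [e for e in event_store if extract_iocs(e) & iocs]


def build_incident(seed_alert, event_store, max_rounds=3):
    """Grow an incident from a seed alert by repeated IOC pivots (bounded)."""
    inc = Incident(techniques={}, iocs=set(), events=[])
    seen, frontier = set(), [seed_alert]
    for _ in range(max_rounds):
        for ev in frontier:
            if ev["id"] in seen:
                continue
            seen.add(ev["id"])
            inc.events.append(ev)
            for tid, name, tactic in correlate(ev):
                inc.techniques[tid] = (name, tactic)
            inc.iocs |= extract_iocs(ev)
        frontier = [e for e in pivot_search(event_store, inc.iocs) if e["id"] not in seen]
        if not frontier:
            break
    return inc


def kill_chain(inc):
    """Order the detected techniques by tactic position for display."""
    return sorted(inc.techniques.items(), key=lambda kv: TACTIC_ORDER.index(kv[1][1]))


if __name__ == "__main__":
    incident = build_incident(SEED_ALERT, EVENTS)
    for tid, (name, tactic) in kill_chain(incident):
        print(f"{tactic:18} {tid} {name}")
```

Starting from the credential-dumping alert alone, the pivot on the shared user pulls in the phishing click, the PowerShell launch and the SMB logon, while the unrelated `notepad.exe` event on another user's host stays out of the case. The `max_rounds` bound matters in practice: pivoting on broad values such as a user name can otherwise sweep an entire environment into one incident, so a real playbook would restrict which fields count as pivot keys and how far the search may expand.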
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.