|McAfee ePolicy Orchestrator||D3 can orchestrate dozens of endpoint protection actions in McAfee ePO, including scanning endpoints, ingesting threat events, and updating policies.|
|McAfee Enterprise Security Manager||D3 connects with McAfee ESM to provide well-informed incident response and investigation management to SIEM alarms. D3 ingests alarms as well as queries McAfee ESM for related events and contextual data.|
|McAfee Advanced Threat Defense||D3 can detonate suspicious URLs in McAfee Advanced Threat Defense’s malware sandbox and ingest the results into incident reports.|
|McAfee Network Security Manager||D3 integrates with McAfee Network Security Manager to quarantine hosts.|
|McAfee Web Gateway||D3 supports network security through orchestrating actions in McAfee Web Gateway such as blocking IPs and URLs.|
By combining McAfee ESM for threat detection with D3 SOAR for incident enrichment and response, you can automatically escalate real threats to incident status in D3 and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. D3 can then trigger an automated response playbook or guide human analysts efficiently through manual steps, all within a single window.
To carry out a post-incident investigation with McAfee products and D3 SOAR, analysts can use prebuilt commands in D3 to rapidly gather alarm details, event logs, statuses, and other data from a range of McAfee products. Similar commands are available for other tools, giving investigators a centralized console for complex, end-to-end incident investigations.
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.