McAfee Integration

XGEN SOAR Integration

D3 and McAfee have joined forces to combine the McAfee suite with D3 XGEN SOAR for automated incident response and silo-free investigations. The joint solution enables automated response to any alarm through D3’s codeless playbooks. D3 aggregates data and orchestrates actions across McAfee tools, creating a unified security operations hub.

Integration Capabilities
McAfee ePolicy Orchestrator: D3 can orchestrate dozens of endpoint protection actions in McAfee ePO, including scanning endpoints, ingesting threat events, and updating policies.

McAfee Enterprise Security Manager: D3 connects with McAfee ESM to provide well-informed incident response and investigation management for SIEM alarms. D3 ingests alarms and queries McAfee ESM for related events and contextual data.

McAfee Advanced Threat Defense: D3 can detonate suspicious URLs in McAfee Advanced Threat Defense's malware sandbox and ingest the results into incident reports.

McAfee Network Security Manager: D3 integrates with McAfee Network Security Manager to quarantine hosts.

McAfee Web Gateway: D3 supports network security by orchestrating actions in McAfee Web Gateway such as blocking IPs and URLs.

Key Use Cases

#1: Alarm Enrichment and Response

By combining McAfee ESM for threat detection with D3 SOAR for incident enrichment and response, you can automatically escalate real threats to incident status in D3 and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. D3 can then trigger an automated response playbook or guide human analysts efficiently through manual steps, all within a single window.

#2: Complex Investigations Made Easy

To carry out a post-incident investigation with McAfee products and D3 SOAR, analysts can use prebuilt commands in D3 to rapidly gather alarm details, event logs, statuses, and other data from a range of McAfee products. Similar commands are available for 500+ other tools, giving investigators a centralized console for complex, end-to-end incident investigations.