| Integration | Capabilities |
| --- | --- |
| Azure Sentinel | Gather critical information, trigger playbooks, and add new rules for monitoring and detection. |
| Azure REST | Create and manage integrations, analytic rules, incidents, entity operations, dashboards, and bookmarks. |
| Azure Security Center | Validate threats and orchestrate end-to-end response for attacks on cloud, IoT, and hybrid environments. |
| Graph Security API | Enrich GSAPI alerts with security telemetry and threat intelligence while unleashing an incredible amount of data from Microsoft products. |
| Exchange Web Services | Ingest BEC alerts, perform enrichment, and automate response. |
| Active Directory | Enrich security events with identity data and orchestrate actions such as restricting access when credentials have been compromised. |
| Azure Active Directory | Retrieve information and orchestrate actions related to access to cloud applications. |
| Office 365 (O365) | Access, enrich and integrate Excel, OneDrive, OneNote, Outlook and Teams into your playbooks. |
Phishing, malware, and brute force attacks can flood your security team with alerts, overwhelming analysts who rely on manual processing and stale procedures. In this scenario, dangerous threats can be missed, causing dwell and remediation times to become bloated. Combining Microsoft tools like Azure Sentinel, Security Center, and Active Directory with D3 NextGen SOAR streamlines and automates much of the enrichment, remediation, and case management process, helping security teams to better manage barrages of alerts, while reducing human error and MTTR. Events from Microsoft detection tools are fed through D3’s Event Pipeline to eliminate false positives and escalate only genuine incidents to analysts. The analyst can then trigger the appropriate playbook, which will enrich the incident with more data, including user information from Active Directory, and orchestrate the response across 500+ tools.
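The triage flow described above (events from several Microsoft sources pass through a pipeline that drops duplicates and known noise, enriches survivors with identity data, and escalates only genuine incidents) is easy to reason about once it is written out. The following is an added illustration, not D3's Event Pipeline or any Microsoft API: the two input shapes are only loosely modeled on a Sentinel incident and a Graph Security API alert, and every field name, sample record, directory entry, suppression rule and scoring policy is a constructed assumption.

```python
"""A minimal alert triage pipeline: normalize events from two sources, drop
duplicates, suppress known noise, enrich with directory data, and escalate
only what merits an incident. Added illustration only: not D3's Event
Pipeline or any Microsoft API; every schema, field name, sample record and
policy value below is constructed."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime

# Constructed raw events. Shapes are only loosely modeled on a Sentinel
# incident and a Graph Security API alert; they are not the real schemas.
RAW_EVENTS = [
    {"source": "sentinel", "properties": {
        "title": "Brute force attempt against Azure AD", "severity": "High",
        "createdTimeUtc": "2024-03-04T10:15:00Z",
        "entities": {"account": "alice@example.com", "host": None}}},
    {"source": "sentinel", "properties": {  # same alert re-fired a minute later
        "title": "Brute force attempt against Azure AD", "severity": "High",
        "createdTimeUtc": "2024-03-04T10:16:00Z",
        "entities": {"account": "alice@example.com", "host": None}}},
    {"source": "gsapi", "title": "Malware detected on endpoint", "severity": "medium",
     "userStates": [{"userPrincipalName": "bob@example.com"}],
     "hostStates": [{"fqdn": "fin-ws-07.example.com"}],
     "createdDateTime": "2024-03-04T10:20:00Z"},
    {"source": "gsapi", "title": "Suspicious port scan", "severity": "low",
     "userStates": [], "hostStates": [{"fqdn": "vulnscan01.example.com"}],
     "createdDateTime": "2024-03-04T10:21:00Z"},  # authorised scanner host
    {"source": "gsapi", "title": "Phishing email reported by user", "severity": "low",
     "userStates": [{"userPrincipalName": "carol@example.com"}], "hostStates": [],
     "createdDateTime": "2024-03-04T10:25:00Z"},
]

# Constructed stand-in for an Active Directory lookup.
DIRECTORY = {
    "alice@example.com": {"department": "IT", "privileged": True},
    "bob@example.com": {"department": "Finance", "privileged": False},
    "carol@example.com": {"department": "Sales", "privileged": False},
}

# Known-noise rules: (title fragment, host) pairs that are expected activity.
SUPPRESSIONS = [("port scan", "vulnscan01.example.com")]

SEVERITY_SCORE = {"informational": 0, "low": 0, "medium": 1, "high": 2, "critical": 2}


@dataclass(frozen=True)
class Event:
    source: str
    title: str
    severity: str          # normalized to lower case
    user: str | None
    host: str | None
    observed: datetime


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def normalize(raw: dict) -> Event:
    """Map each source's shape onto the common Event record."""
    if raw["source"] == "sentinel":
        p = raw["properties"]
        return Event("sentinel", p["title"], p["severity"].lower(),
                     p["entities"].get("account"), p["entities"].get("host"),
                     _ts(p["createdTimeUtc"]))
    if raw["source"] == "gsapi":
        users, hosts = raw.get("userStates") or [], raw.get("hostStates") or []
        return Event("gsapi", raw["title"], raw["severity"].lower(),
                     users[0]["userPrincipalName"] if users else None,
                     hosts[0]["fqdn"] if hosts else None,
                     _ts(raw["createdDateTime"]))
    raise ValueError(f"unknown source {raw['source']!r}")


def dedupe(events: list[Event]) -> list[Event]:
    """Keep only the earliest event per (title, user, host) tuple."""
    seen, kept = set(), []
    for ev in sorted(events, key=lambda e: e.observed):
        key = (ev.title, ev.user, ev.host)
        if key not in seen:
            seen.add(key)
            kept.append(ev)
    return kept


def is_suppressed(ev: Event) -> bool:
    return any(frag in ev.title.lower() and ev.host == host for frag, host in SUPPRESSIONS)


def enrich(ev: Event) -> dict:
    """Attach the identity context an analyst or playbook will need."""
    return {"event": ev, "identity": DIRECTORY.get(ev.user or "", {})}


def decide(ctx: dict) -> str:
    """Escalate when severity, account privilege and host involvement add up."""
    ev, ident = ctx["event"], ctx["identity"]
    score = SEVERITY_SCORE.get(ev.severity, 0)
    score += 1 if ident.get("privileged") else 0
    score += 1 if ev.host else 0
    return "incident" if score >= 2 else "queued"


def run_pipeline(raw_events: list[dict]) -> dict:
    events = [normalize(r) for r in raw_events]
    unique = dedupe(events)
    live = [ev for ev in unique if not is_suppressed(ev)]
    contexts = [enrich(ev) for ev in live]
    return {"received": len(events), "duplicates": len(events) - len(unique),
            "suppressed": len(unique) - len(live),
            "incidents": [c for c in contexts if decide(c) == "incident"],
            "queued": [c for c in contexts if decide(c) == "queued"]}


if __name__ == "__main__":
    for c in run_pipeline(RAW_EVENTS)["incidents"]:
        print("ESCALATE:", c["event"].title, "->", c["event"].user, c["identity"])
```

On the constructed input, the re-fired Sentinel incident is collapsed into the first, the port scan from the authorised scanner host is suppressed, the brute-force alert against a privileged account and the endpoint malware alert are escalated, and the user-reported phishing email is queued for review rather than dropped. The scoring in `decide` is the part a team tunes; the point of keeping normalization, de-duplication and suppression as separate steps is that each can be audited on its own when an alert is missed.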
Organizations are increasingly moving their workloads to cloud platforms like Azure, but many retain a hybrid environment, with some systems still hosted on-premises. This hybrid model creates a security problem: the company is left managing two sets of security tools, one in the cloud and one on-premises. During a cybersecurity incident, adversaries don’t necessarily care where your servers are. An attacker who compromises multiple user credentials will move through your systems with little regard for which are cloud-hosted and which are on-premises. D3 NextGen SOAR integrates with Azure Sentinel, the rest of the Azure stack, and the on-premises stack to create a single SecOps interface for the entire hybrid environment. Azure Sentinel and NextGen SOAR users can enrich alerts with threat intelligence, identify MITRE ATT&CK techniques, run automation-powered playbooks to respond to incidents, and much more, across cloud and on-premises systems. For example, in a phishing attack that resulted in compromised user credentials, an analyst using NextGen SOAR could disable the user’s access in Azure Active Directory, query Azure Sentinel for additional data, search across Office 365 mailboxes for more instances of the phishing email, and remove the malicious attachment from endpoints using the on-premises EDR tool, all from the centralized NextGen SOAR workbench.
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.