Smart SOAR Integration

D3 Smart SOAR’s integrations with Microsoft tools enable security analysts to focus their investigative efforts while letting Smart SOAR orchestrate and automate the analysis, prioritization, remediation, and audit trail generation. For example, alerts in Azure Sentinel trigger automated playbooks in Smart SOAR that orchestrate and automate security actions across Microsoft tools as well as unlimited third-party products. Integrations with on-premise and cloud-based deployments of Active Directory are used to expand the understanding of an event with identity information and then rapidly manage users during response workflows. The integrated solution achieves consistent security outcomes and end-to-end management of incident response across cloud, on-premise, and hybrid environments.

Integration Capabilities
Azure Sentinel Gather critical information, trigger playbooks, and add new rules for monitoring and detection.
Microsoft 365 Defender Initiate endpoint security actions, including quarantining endpoints, managing scans, and running advanced hunting queries.
Azure REST Create and manage integrations, analytic rules, incidents, entity operations, dashboards, and bookmarks.
Azure Security Center Validate threats and orchestrate end-to-end response for attacks on cloud, IoT, and hybrid environments.
Active Directory Enrich security events with identity data and orchestrate actions such as restricting access when credentials have been compromised.
Microsoft Teams Keep teams up to date with automated alerts and communications.
Microsoft Entra ID Retrieve information and orchestrate actions related to access to cloud applications.
Microsoft Exchange Server Manage on-premise mail servers to investigate and prevent phishing attempts targeting your employees.
Office 365 (O365) Manage Office 365's cloud-based mail service to protect your organization from phishing and spear phishing attempts.

Key Use Cases


Automated Incident Response

Phishing, malware, and brute force attacks can flood your security team with alerts, overwhelming analysts who rely on manual processing and stale procedures. In this scenario, dangerous threats can be missed, causing dwell and remediation times to become bloated. Combining Microsoft tools like Azure Sentinel, Security Center, and Active Directory with D3 Smart SOAR streamlines and automates much of the enrichment, remediation, and case management process, helping security teams to better manage barrages of alerts, while reducing human error and MTTR. Events from Microsoft detection tools are fed through D3’s Event Pipeline to eliminate false positives and escalate only genuine incidents to analysts. The analyst can then trigger the appropriate playbook, which will enrich the incident with more data, including user information from Active Directory, and orchestrate the response across hundreds of tools.

SOAR for Hybrid Environments

Organizations are increasingly moving their workloads to cloud platforms like Azure, but many retain a hybrid environment, with some systems still hosted on-premise. This hybrid model creates an issue around security, because the company is left managing two sets of security tools—one in the cloud and one on-premise. During a cybersecurity incident, adversaries don’t necessarily care where your servers are. If an attacker compromises multiple user credentials, they will start moving throughout your systems with little regard for which is cloud and which is on-premise. D3 Smart SOAR integrates with Azure Sentinel, the rest of the Azure stack, and the on-premise stack to create a single SecOps interface for the entire hybrid environment. Azure Sentinel and Smart SOAR users can enrich alerts with threat intelligence, identify MITRE ATT&CK techniques, run automation-powered playbooks to respond to incidents, and much more—across cloud and on-premise systems. For example, in a phishing attack that resulted in compromised user credentials, an analyst using Smart SOAR could disable the user’s access in Microsoft Entra ID, query Azure Sentinel for additional data, search across Office 365 mailboxes for more instances of the phishing email, and remove the malicious attachment from computers using the on-premise EDR tool, all from the centralized Smart SOAR workbench.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.

X Microsoft Integration

Get Started with D3 Security

One platform to stop alert overwhelm. Transform how your security team works, by focusing its resources on real threats.