MISP + D3 Smart SOAR
Rapid, Automated OSINT Enrichment
MISP is an open-source threat intelligence platform for sharing, storing and correlating IOCs. D3’s integration with MISP enables automated enrichment of Smart SOAR incidents with MISP’s open-source threat intelligence for rapid assessment of threats.
Benefits and Capabilities
D3’s integration team takes the burden of integrations off your hands by building, maintaining, and upgrading the best possible connections between tools. We have closely studied MISP to provide a powerful integration that enables seamless incorporation of threat intelligence into automated workflows.
- Automatically enrich alerts with MISP intelligence
- Add URL reputation to Smart SOAR risk scores
- Block malicious URLs through Smart SOAR playbooks
Use Case
Automated Enrichment
Analysts are expected to rapidly investigate incidents, without compromising the process. For many, this means manually cross-referencing and copying hashes and other data from threat intelligence sources. Over a year in a SOC, this means hundreds of hours per analyst plus some degree of human error. D3 can automatically query MISP for threat data related to new alerts.
- Include MISP intelligence in automated triage
- Orchestrate your response across hundreds of integrated tools to quickly shut down active threats
- Correlate intelligence against MITRE ATT&CK TTPs, past incidents, and other TIPs
Use Case
Potential Phishing Analysis
When a potential phishing email is escalated to D3, either through an email protection system or manually by the recipient, D3 extracts the sender’s domain and the URL of any links in the message. D3 can then use MISP to look up those extracted indicators and reveal any associated malicious activity. Based on the result, the D3 user can then trigger a response playbook to block the IP, blacklist the sender, notify the email recipient, and orchestrate any other appropriate actions.
- Send URLs and attachments to an integrated sandbox from the Smart SOAR playbook
- Retrieve sandbox reports as attachments in the Smart SOAR investigation dashboard
- Delete malicious emails from inboxes across the company via integrations with email systems
Why Smart SOAR?
Joint users of MISP threat intelligence and D3 Smart SOAR don’t just get automated intelligence enrichment and phishing analysis; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
MISP Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.