Smart SOAR Integration

With cyberattacks and the skills gap getting worse, SOCs can no longer afford to have analysts manually coordinate contextual data. Many analysts personally copy-and-paste domains and IPs hundreds of times per day in order to check their reputation. D3’s integration with MISP enables automated enrichment of D3 incidents with MISP’s open-source threat intelligence for rapid assessment of threats.

MISP  Integration

Integration features

Automatically enrich alerts with MISP intelligence
Block malicious URLs through D3’s playbooks
Add URL reputation data to D3 risk scores

Key Use Case


Automated Enrichment

Analysts are expected to rapidly investigate incidents, without compromising the process. For many, this means manually cross-referencing and copying hashes and other data from threat intelligence sources. Over a year in a SOC, this means hundreds of hours per analyst plus some degree of human error. D3 can automatically query MISP for threat data related to new alerts.

Potential Phishing Analysis

When a potential phishing email is escalated to D3, either through an email protection system or manually by the recipient, D3 extracts the sender’s domain and the URL of any links in the message. D3 can then use MISP to look up those extracted indicators and reveal any associated malicious activity. Based on the result, the D3 user can then trigger a response playbook to block the IP, blacklist the sender, notify the email recipient, and orchestrate any other appropriate actions.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.

X MISP  Integration

Get Started with D3 Security

One platform to stop alert overwhelm. Transform how your security team works, by focusing its resources on real threats.