#1
Event Enrichment
When a suspicious behavior is detected in Okta and escalated to D3, D3 can automatically or manually provide rich context that helps the analyst determine the risk level of the event. This includes searching across related Okta logs, as well as extracting IOCs to correlate against integrated threat intelligence platforms. Uniquely, D3 can also check the behavior against MITRE ATT&CK criteria, to determine what adversary techniques are present, and how they might fit into a larger attack.