XGEN SOAR Integration

With a growing volume of cyberattacks, and so many of them starting with email, security teams need tools to keep pace with attackers. That means analysts can’t waste time manually enriching and analyzing every alert. D3 XGEN SOAR provides an end-to-end incident response solution for email-based incidents detected by Proofpoint TAP, and can enrich any incident—regardless of detection source—with Proofpoint’s up-to-the-minute, globally aggregated threat intelligence.

Integration Capabilities

Proofpoint Targeted Attack Protection: D3 can ingest events from Proofpoint TAP to enrich, investigate, and respond to potential email-based attacks.
Proofpoint Emerging Threats Intelligence: D3 users can enrich incidents with domain and IP reputations from Proofpoint ETI.

Potential Phishing Analysis

When a potential phishing attack is escalated to D3 from Proofpoint TAP, D3 extracts all the IOCs from the event, such as the sender’s domain. D3 can then look up those extracted indicators in Proofpoint ETI, other threat intelligence sources, and past incidents to reveal any associated malicious activity. Based on the results, D3 can then trigger a response playbook to block the IP, blacklist the sender, notify the email recipient, and orchestrate any other appropriate actions.

Automated Enrichment

Analysts are expected to rapidly investigate incidents, without compromising the process. For many, this means manually cross-referencing and copying hashes and other data. Over a year in a SOC, this means hundreds of hours per analyst plus some degree of human error. D3 can automatically extract IOCs such as domains and IPs from events and look up their reputations in Proofpoint ETI, enabling instant analysis without changing interfaces.
