D3’s integration with Rapid7 InsightVM feeds vulnerability scans into automation-powered response workflows. When InsightVM runs a scan across endpoints and detects a vulnerability, D3 reads and parses the scan report and generates an incident response playbook. D3 determines the endpoint on which the vulnerability was found and enriches the report with contextual information, including MITRE ATT&CK TTP correlation. The user can notify the necessary teams from D3 or generate an IT ticket via D3 to schedule a patch or update. If the organization has existing scripts for patch management, D3 can trigger those directly.

By combining Rapid7 IDR for cloud-based threat detection with D3 SOAR for incident enrichment and response, you can automatically escalate real threats to incident status in D3 and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. D3 can then trigger an automated response playbook or guide human analysts efficiently through manual steps, all within a single window. When Rapid7 alerts trigger D3’s automated workflows and full-lifecycle playbooks for incident response, analysts no longer have to manually coordinate dozens of triage and response tasks. Response occurs in seconds, not hours.