Smart SOAR Integration

D3’s integration with SentinelOne Singularity XDR automates and orchestrates workflows for endpoint protection, threat hunting and incident response. Supporting a full range of automated actions, the joint solution reduces MTTR, triages endpoint threats through D3’s Event Pipeline, and increases the quality of investigations.

SentinelOne Integration

Integration Features

Ingest SentinelOne threats to trigger automated playbooks in Smart SOAR
Orchestrate SentinelOne actions from Smart SOAR, such as blocking hashes, retrieving agent info, and quarantining endpoints
Update blacklists from Smart SOAR based on threat intelligence or investigation results
Enrich endpoint threats with D3’s full spectrum of security data

Key Use Case


Endpoint Incident Response Automation

Smart SOAR can ingest threats from SentinelOne Singularity and then enrich, contextualize, and deduplicate the event. If the event is deemed a true positive, Smart SOAR will trigger an automated response playbook or assign the incident to an analyst for further investigation or approval. Analysts receive a comprehensive view of the event, including all available IOCs and any links to historical incidents.

Threat Hunting

Using Smart SOAR and SentinelOne as an integrated threat hunting solution speeds the investigation of new threats by streamlining the entire process from learning of the threat, to finding instances of it on endpoints, to quickly remediating it. All this can be orchestrated from Smart SOAR. Being able to build and trigger threat hunting playbooks in Smart SOAR also helps ensure consistency and reduce human error.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.

X SentinelOne Integration

Get Started with D3 Security

One platform to stop alert overwhelm. Transform how your security team works, by focusing its resources on real threats.