D3 NextGen SOAR’s integration with Stellar Cyber Open XDR multiplies the investigation and response power of each platform, breaking down tool silos and integrating across the stack. MSSPs and internal security teams use D3 and Stellar Cyber to create automated workflows for alert detection, analysis, and response.

Integration Features

Escalate incidents from Stellar Cyber to D3 for further analysis and response
Leverage higher-fidelity security incidents that reduce wasted time, eliminate repetitive tasks, and slash MTTR
Search Stellar Cyber’s wealth of security data from D3
Correlate threat intelligence against IOCs in both platforms
Update Stellar Cyber incidents with the results of D3 investigations
Get visibility across the entire attack surface, through Stellar Cyber’s threat detection and D3’s TTP dashboard


Incident Escalation and Response

Stellar Cyber Open XDR collects data from disparate security tools and data sources, using AI-powered analysis and correlation to create high-fidelity incidents for genuine threats. Many incidents can be resolved directly via Stellar Cyber’s automated response capabilities. However, major incidents will benefit from the further investigation and response orchestration capabilities of SOAR.

When a high-fidelity incident in Stellar Cyber requires escalation, it can be pulled into D3 NextGen SOAR. Like Stellar Cyber, D3 also distinguishes between the alert and incident level, so the ingested incident stays as an incident in D3, with all of the high-fidelity data retained, including MITRE ATT&CK TTPs and AI-based risk scoring. D3 parses the IOCs from the incident and correlates them against past incident data, integrated threat intelligence sources, and data from integrated security tools.

Based on the incident data from Stellar Cyber and the added context from D3, the user can then trigger an incident-specific automation-powered playbook to remediate the threat. The D3 playbook will orchestrate response actions such as quarantining endpoints, updating firewall rules, deleting malicious emails from inboxes, and more. The TTPs involved will also be mapped against D3’s integrated MITRE ATT&CK dashboard. When the response is complete, the D3 playbook will update the incident in the Stellar Cyber platform, where the user can close the incident or carry out additional actions.

Integrating Open XDR and NextGen SOAR is an evolution beyond the traditional SIEM-to-SOAR model of threat detection and response. By connecting Stellar Cyber’s rich incident data to D3’s powerful playbooks, users can confidently respond to every level of threat with minimal screen-switching, manual tasks, or time spent on false positives. The bidirectional integration ensures that users of either system have up-to-date information on investigations, which eliminates redundant work.

Actionable Intelligence

Most SOCs have access to threat intelligence, often from myriad sources. The challenge they face is consistently turning that intelligence into action. Without automation and integrations, security teams struggle to find the time to investigate every piece of threat intelligence, determine the risk it poses, and take the appropriate action.

D3 integrates with myriad threat intelligence sources. When threat intelligence is ingested into D3, the tool can parse the IOCs from the report or feed and correlate them against Stellar Cyber’s event space to find out if the threat is present in the environment. The D3 playbook runs a search query via Stellar Cyber’s API to find any instances of IP addresses, processes, and other artifacts that are implicated in the threat intelligence. If anything is found, the information is returned to D3. The user can then review the evidence and choose to run a playbook to further investigate the extent of the threat and remediate it.
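The intelligence-to-search workflow described above, as an added example that is not D3's or Stellar Cyber's code: it extracts typed IOCs from a constructed intel report, correlates them against constructed event rows standing in for the result of an XDR search query (the event field names are assumed, not Stellar Cyber's schema), and builds the summary a playbook would write back to the incident.

```python
import ipaddress
import re

# Constructed threat-intelligence report (sample text, not real intelligence).
INTEL_REPORT = """
Campaign notes: implants beacon to 203.0.113.45 and c2.bad-domain.test on 443.
Dropper SHA-256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
Observed loader process: updater.exe
"""

# Constructed event rows standing in for what the XDR search would return.
# Field names are hypothetical; they are not Stellar Cyber's event schema.
EVENTS = [
    {"host": "ws-017", "dst_ip": "203.0.113.45", "process": "updater.exe", "sha256": "aa" * 32},
    {"host": "ws-042", "dst_ip": "198.51.100.9", "process": "chrome.exe", "sha256": "bb" * 32},
    {"host": "srv-db1", "dst_ip": "203.0.113.45", "process": "svchost.exe",
     "sha256": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
]

IOC_PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
    "process": re.compile(r"\b[\w-]+\.exe\b", re.I),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}
# Event field each IOC type is compared against (hypothetical field names).
FIELD_FOR = {"ip": "dst_ip", "sha256": "sha256", "process": "process", "domain": "dst_domain"}


def _valid_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def extract_iocs(text: str) -> dict:
    """Pull typed IOCs out of free-text intel, discarding regex false positives."""
    iocs = {kind: {m.lower() for m in pat.findall(text)} for kind, pat in IOC_PATTERNS.items()}
    iocs["ip"] = {ip for ip in iocs["ip"] if _valid_ip(ip)}          # e.g. 999.1.1.1 is not an IP
    iocs["domain"] = {d for d in iocs["domain"] if not d.endswith(".exe")}  # file names are not domains
    return iocs


def correlate(iocs: dict, events: list) -> dict:
    """Return {ioc: sorted hosts} for every IOC observed in the event rows."""
    hits = {}
    for ev in events:
        for kind, values in iocs.items():
            observed = str(ev.get(FIELD_FOR[kind], "")).lower()
            if observed and observed in values:
                hits.setdefault(observed, set()).add(ev["host"])
    return {ioc: sorted(hosts) for ioc, hosts in hits.items()}


def incident_update(hits: dict) -> dict:
    """Summary a playbook would write back to the source incident."""
    hosts = sorted({h for hs in hits.values() for h in hs})
    return {"matched_iocs": len(hits), "affected_hosts": hosts, "action": "investigate" if hits else "none"}
```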

By building an automated, repeatable workflow for checking threat intelligence against Stellar Cyber’s rich database of events, joint users can act on all incoming intel without bogging down their team in additional tasks. D3 and Stellar Cyber users can identify, analyze, and respond to threats across the entire stack.

