Smart SOAR Integration

D3 Smart SOAR’s integration with Stellar Cyber Open XDR multiplies the investigation and response power of each platform, breaking down tool silos and integrating across the stack. MSSPs and in-house security teams use Smart SOAR and Stellar Cyber to create automated workflows for alert detection, analysis, and response.

Integration Features

Escalate incidents from Stellar Cyber to Smart SOAR for further analysis and response
Leverage higher-fidelity security incidents that reduce wasted time, eliminate repetitive tasks, and slash MTTR
Search Stellar Cyber’s wealth of security data from Smart SOAR
Correlate threat intelligence against IOCs in both platforms
Update Stellar Cyber incidents with the results of Smart SOAR investigations
Get visibility across the entire attack surface, through Stellar Cyber’s threat detection and Smart SOAR’s TTP dashboard

Key Use Cases


Incident Escalation and Response

Many incidents created by Stellar Cyber can be resolved directly via its automated response capabilities. However, when a high-fidelity incident in Stellar Cyber requires escalation, it can be pulled into Smart SOAR, retaining data such as its risk score and TTPs. Smart SOAR parses the IOCs from the incident and correlates them against past incident data, integrated threat intelligence sources, and data from integrated security tools.

The user can then trigger a Smart SOAR playbook to remediate the threat, which will orchestrate response actions such as quarantining endpoints, updating firewall rules, deleting malicious emails from inboxes, and more. The TTPs involved will also be mapped against D3’s integrated MITRE ATT&CK dashboard. When the response is complete, the D3 playbook will update the incident in the Stellar Cyber platform, where the user can close the incident or carry out additional actions.

Actionable Intelligence

Without automation, security teams struggle to find the time to investigate every piece of threat intelligence to determine risk and take the appropriate action. When threat intelligence is ingested into Smart SOAR, the tool can parse the IOCs from the report or feed and correlate them against Stellar Cyber’s event space to find out if the threat is present in the environment.

The Smart SOAR playbook then runs a search query via Stellar Cyber’s API to find any instances of IP addresses, processes, and other artifacts that are implicated in the threat intelligence. If anything is found, the information is returned back to D3. The user can then review the evidence and choose to run a playbook to further investigate the extent of the threat and remediate it.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.

X Stellar Cyber Open XDR Integration

Get Started with D3 Security

One platform to stop alert overwhelm. Transform how your security team works, by focusing its resources on real threats.