Smart SOAR Integration

D3 Smart SOAR’s integration with Stellar Cyber Open XDR multiplies the investigation and response power of each platform, breaking down tool silos and integrating across the stack. MSSPs and in-house security teams use Smart SOAR and Stellar Cyber to create automated workflows for alert detection, analysis, and response.

Integration Features

Escalate incidents from Stellar Cyber to Smart SOAR for further analysis and response
Leverage higher-fidelity security incidents that reduce wasted time, eliminate repetitive tasks, and slash MTTR
Search Stellar Cyber’s wealth of security data from Smart SOAR
Correlate threat intelligence against IOCs in both platforms
Update Stellar Cyber incidents with the results of Smart SOAR investigations
Get visibility across the entire attack surface, through Stellar Cyber’s threat detection and Smart SOAR’s TTP dashboard

Key Use Cases

#1

Incident Escalation and Response

Many incidents created by Stellar Cyber can be resolved directly via its automated response capabilities. However, when a high-fidelity incident in Stellar Cyber requires escalation, it can be pulled into Smart SOAR, retaining data such as its risk score and TTPs. Smart SOAR parses the IOCs from the incident and correlates them against past incident data, integrated threat intelligence sources, and data from integrated security tools.

The user can then trigger a Smart SOAR playbook to remediate the threat, which will orchestrate response actions such as quarantining endpoints, updating firewall rules, deleting malicious emails from inboxes, and more. The TTPs involved will also be mapped against D3’s integrated MITRE ATT&CK dashboard. When the response is complete, the D3 playbook will update the incident in the Stellar Cyber platform, where the user can close the incident or carry out additional actions.

#2

Actionable Intelligence

Without automation, security teams struggle to find the time to investigate every piece of threat intelligence to determine risk and take the appropriate action. When threat intelligence is ingested into Smart SOAR, the tool can parse the IOCs from the report or feed and correlate them against Stellar Cyber’s event space to find out if the threat is present in the environment.

The Smart SOAR playbook then runs a search query via Stellar Cyber’s API to find any instances of IP addresses, processes, and other artifacts that are implicated in the threat intelligence. If anything is found, the information is returned to D3. The user can then review the evidence and choose to run a playbook to further investigate the extent of the threat and remediate it.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.
