Sumologic Integration

XGEN SOAR Integration

D3 acts as a unified dashboard for analysis and investigation of SumoLogic Cloud SIEM Enterprise (CSE) events, enriching events with correlated MITRE ATT&CK matrix techniques, threat intelligence, and historical incident data. From D3, SumoLogic users not only benefit from automation and orchestration-powered response workflows but also robust investigative case management and reporting toolsets. Sumo Logic’s cloud monitoring capabilities enable D3 to orchestrate response to events detected in AWS, Azure, GCP, and other cloud services.

Integration features

1. Increase the speed and quality of triage by enriching SumoLogic events using D3 SOAR
2. Turn cloud performance events into automation-powered playbooks for everything from cloud service outages to security breaches
3. Orchestrate comments, status updates, and assignees in SumoLogic from D3

Key Use Case

#1 Event Escalation and Enrichment

By combining SumoLogic CSE for threat detection with D3 SOAR for incident enrichment and response, you can automatically escalate real threats to incident status in D3 and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. D3 can then trigger an automated response playbook or guide human analysts efficiently through manual steps, all within a single window. When notable events trigger D3’s automated workflows and full-lifecycle playbooks for incident response, analysts no longer have to manually coordinate dozens of triage and response tasks. Response occurs in seconds, not hours.

#2 Cryptojacking Detection and Response

When a machine is hijacked to run a crypto mining script, the resulting drop in performance may generate an alert in SumoLogic. D3 can retrieve the alert, run it through MITRE ATT&CK correlation to identify tactics and techniques, and extract IOCs to compare against third-party threat intelligence to determine risk. Based on this information, the user can escalate the event to an incident if further investigation is required. D3 has a prebuilt automation-powered playbook for cryptojacking, which includes domain analysis and EC2 instance analysis.