SumoLogic

By combining SumoLogic CSE for threat detection with D3 SOAR for incident enrichment and response, you can automatically escalate real threats to incident status in D3 and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. D3 can then trigger an automated response playbook or guide human analysts efficiently through manual steps, all within a single window. When notable events trigger D3’s automated workflows and full-lifecycle playbooks for incident response, analysts no longer have to manually coordinate dozens of triage and response tasks. Response occurs in seconds, not hours.

When a machine is hijacked to run a crypto mining script, the resulting drop in performance may generate an alert in SumoLogic. D3 can retrieve the alert, run it through MITRE ATT&CK correlation to identify tactics and techniques, and extract IOCs to compare against third-party threat intelligence to determine risk. Based on this information, the user can escalate the event to an incident if further investigation is required. D3 has a prebuilt automation-powered playbook for cryptojacking, which includes domain analysis and EC2 instance analysis.