| Integration | Description |
|---|---|
| Symantec Endpoint Protection | Ingest alerts from Symantec Endpoint Protection to trigger D3 playbooks and orchestrate endpoint protection actions. |
| Symantec Messaging Gateway | Add, access, and delete Messaging Gateway white/blacklists via D3. |
| Symantec DLP | Fetch DLP incidents. |

D3 integrates with Symantec tools to orchestrate actions across the security infrastructure, minimizing some repetitive tasks and automating others. D3 can ingest a malware alert from Symantec Endpoint Protection, correlate the IOCs against the MITRE ATT&CK Matrix, and trigger a malware-specific playbook, which automatically enriches the alert with threat intelligence and historical data to highlight correlations and quantify risk. The playbook can then trigger automated remediation actions, such as quarantining an affected endpoint, or notify the responsible analysts and guide them through the necessary steps.
When a phishing attempt is reported to the SOC, D3 can trigger an automated phishing playbook that parses out the elements of the email and checks them against third-party threat intelligence, the MITRE ATT&CK Matrix, and historical incident data. If the email is confirmed as malicious, D3 can then orchestrate the appropriate response actions, including adding the sender’s IP to blacklists in Symantec Messaging Gateway and quarantining affected endpoints via Symantec Endpoint Protection.
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.