Symantec Integration

XGEN SOAR Integration

D3’s integrations with Symantec allow you to streamline SecOps and IR workflows, reduce manual coordination, and operationalize the MITRE ATT&CK framework across your security infrastructure. By using D3 to centralize, enrich, and correlate data, you make that data more actionable for your SOC. With D3’s Symantec integrations, you can automate SOC tasks that execute across Symantec’s Endpoint Protection, Messaging Gateway, Data Loss Prevention, and 500+ third-party tools.

Integration Capabilities
Symantec Endpoint Protection: Ingest alerts from Symantec Endpoint Protection to trigger D3 playbooks and orchestrate endpoint protection actions.
Symantec Messaging Gateway: Add, access, and delete Messaging Gateway white/blacklists via D3.
Symantec DLP: Fetch DLP incidents.

Key Use Cases

#1: Malware Enrichment and Incident Response

D3 integrates with Symantec tools to orchestrate actions across the security infrastructure, minimizing some repetitive tasks and automating others. D3 can ingest a malware alert from Symantec Endpoint Protection, correlate the IOCs against the MITRE ATT&CK framework, and trigger a malware-specific playbook, which automatically enriches the alert with threat intelligence and historical data to highlight correlations and quantify risk. The playbook can then trigger automated remediation actions—like quarantining an affected endpoint—or notify the responsible analysts and guide them through the necessary steps.

#2: Potential Phishing Incident Analysis

When a phishing attempt is reported to the SOC, D3 can trigger an automated phishing playbook that parses out the elements of the email and checks them against third-party threat intelligence, the MITRE ATT&CK Matrix, and historical incident data. If the email is confirmed as malicious, D3 can then orchestrate the appropriate response actions, including adding the sender’s IP to blacklists in Symantec Messaging Gateway and quarantining affected endpoints via Symantec Endpoint Protection.