Smart SOAR Integration

D3’s integrations with Symantec allow you to streamline SecOps and IR workflows, reduce manual coordination, and operationalize the MITRE ATT&CK framework across your security infrastructure. By using Smart SOAR to centralize, enrich, and correlate data, you make that data more actionable for your SOC. With D3’s Symantec integrations, you can automate SOC tasks that execute across Symantec’s Endpoint Protection, Messaging Gateway, Data Loss Prevention, and other third-party tools.

Integration Capabilities
Symantec Endpoint Protection Ingest alerts from Symantec Endpoint Protection to trigger Smart SOAR playbooks and orchestrate endpoint protection actions.
Symantec Messaging Gateway Add, access, and delete Messaging Gateway white/blacklists via Smart SOAR.
Symantec DLP Fetch DLP incidents.

Key Use Cases


Malware Enrichment and Incident Response

Smart SOAR integrates with Symantec tools to orchestrate actions across the security infrastructure, minimizing some repetitive tasks and automating others. Smart SOAR can ingest a malware alert from Symantec Endpoint Protection, parse out the IOCs, and trigger a malware-specific playbook, which automatically enriches the alert with threat intelligence and historical data to highlight correlations and quantify risk. The playbook can then trigger automated remediation actions—like quarantining an affected endpoint—or notify the responsible analysts and guide them through the necessary steps.

Potential Phishing Incident Analysis

When a phishing attempt is detected by a tool or reported to the SOC, Smart SOAR can trigger an automated phishing playbook that parses out the elements of the email and checks them against third-party threat intelligence, the MITRE ATT&CK Matrix, and historical incident data. If the email is confirmed as malicious, Smart SOAR can then orchestrate the appropriate response actions, including adding the sender’s IP to blacklists in Symantec Messaging Gateway and quarantining affected endpoints via Symantec Endpoint Protection.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.

X Symantec Integration

Get Started with D3 Security

One platform to stop alert overwhelm. Transform how your security team works, by focusing its resources on real threats.