D3’s integration with Tenable solves these issues by feeding vulnerability scans into automation-powered response workflows. When Tenable runs a scan across endpoints and detects a vulnerability, D3 reads and parses the scan report and generates an incident response playbook. D3 determines the endpoint on which the vulnerability was found and enriches the report with contextual information, including how the vulnerability fits into a MITRE ATT&CK kill chain. The user can notify the necessary teams from D3 or generate an IT ticket via D3 to schedule a patch or update. If the organization has existing scripts for patch management, D3 can trigger those directly.

As described in the previous use-case, D3 can generate a ticket for the IT team to resolve a vulnerability found on endpoints via a patch or update. When the IT team closes the ticket, a notification is generated in D3. D3 then schedules a rescan of the affected endpoints via Tenable to verify that the patch has been successfully applied. D3 then ingests the rescan report so that the security analyst can confirm that the vulnerability has been remediated, and so that the entire process is documented in the SOC.