Smart SOAR Integration

D3 Smart SOAR’s integration with Trend Micro Vision One lets security teams run Trend Micro alerts through Smart SOAR playbooks that collect and analyze contextual data from across the network to identify and dismiss false positives. True threats are escalated for investigation, where analysts can trigger remediation and investigation actions without leaving Smart SOAR. The integration allows actions to be taken at the email, network, and endpoint security levels, both automatically and manually.

Integration Features

Ingest and manage all alerts in one platform.
Check raw alert data for signs of false positives and dismiss on ingestion.
Manage email, endpoint, and network security from inside Smart SOAR.
Combine information from other tools to assist with investigation and response.


Suspicious Process Integration

All security alerts from Trend Micro Vision One can be ingested into Smart SOAR and handled differently based on the incident type. For example, if a suspicious process is found executing, playbooks inside Smart SOAR can query your EDR for recent process activity on that endpoint. The results are compared with the alert, and if the EDR telemetry confirms the activity, the alert is escalated to an analyst. Smart SOAR can also gather additional context on the affected users and devices so the analyst can see the potential impact and scope of the alert. The analyst can then terminate the process or isolate the endpoint from within Smart SOAR.
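The correlation step described above, written out as an added example. This is not D3 Smart SOAR or Trend Micro Vision One code: the alert and EDR telemetry records are constructed sample data in a made-up schema, and the "spawned by an Office or mail client" heuristic is one enrichment added here to show how extra context changes the verdict.

```python
"""Correlate a suspicious-process alert with EDR process telemetry.

Added illustration of the playbook logic above; the Alert/TelemetryEvent
schema and the sample records are constructed, not a real product API.
"""
from dataclasses import dataclass


@dataclass
class Alert:
    host: str
    user: str
    sha256: str
    process: str
    command_line: str


@dataclass
class TelemetryEvent:
    host: str
    user: str
    sha256: str
    process: str
    command_line: str
    parent: str


# Constructed sample alert and EDR events (not real data).
ALERT = Alert("ws-042", "jdoe", "ab12" * 16, "update.exe", "update.exe -s -q")

EDR_EVENTS = [
    TelemetryEvent("ws-042", "jdoe", "ab12" * 16, "update.exe", "update.exe -s -q", "outlook.exe"),
    TelemetryEvent("ws-042", "jdoe", "cd34" * 16, "chrome.exe", "chrome.exe", "explorer.exe"),
    TelemetryEvent("ws-017", "asmith", "ab12" * 16, "update.exe", "update.exe -s -q", "winword.exe"),
]

# Hypothetical enrichment heuristic: Office/mail clients rarely spawn updaters.
OFFICE_PARENTS = {"outlook.exe", "winword.exe", "excel.exe", "powerpnt.exe"}


def correlate(alert, events):
    """Events that confirm the alert: the same binary hash ran on the alerting host."""
    return [e for e in events if e.host == alert.host and e.sha256 == alert.sha256]


def scope(alert, events):
    """Every host and user where the same binary executed (potential blast radius)."""
    hits = [e for e in events if e.sha256 == alert.sha256]
    return {"hosts": sorted({e.host for e in hits}), "users": sorted({e.user for e in hits})}


def triage(alert, events):
    """Escalate when the EDR confirms execution, otherwise dismiss as unconfirmed."""
    confirmed = correlate(alert, events)
    if not confirmed:
        return {"decision": "dismiss", "reason": "no EDR evidence of execution on alerting host"}
    reasons = ["EDR confirms execution on alerting host"]
    if any(e.parent.lower() in OFFICE_PARENTS for e in confirmed):
        reasons.append("spawned by an Office or mail client process")
    return {"decision": "escalate", "reasons": reasons, "scope": scope(alert, events)}


if __name__ == "__main__":
    print(triage(ALERT, EDR_EVENTS))
```

The scope output is what an analyst would want on the escalated case: the same hash on a second host (ws-017, user asmith) means the alert is not an isolated event, and a containment decision should cover both endpoints.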

Email Investigation

If a suspicious email is detected, Smart SOAR can parse the header information, such as the SPF and DKIM results in the Authentication-Results header, analyze it, and automatically dismiss or escalate the event. A passing SPF or DKIM result only shows that the message came from infrastructure authorized for the sending domain; it says nothing about the sender's intent, so an automatic dismissal should also take the message's links and attachments into account. If the event is escalated, attachments and URLs in the email can be enriched through Trend Micro Vision One or a third-party threat intelligence platform to give the investigation team more information on the artifacts in the alert. If the email is confirmed as phishing or spam, it can be quarantined or deleted, and the sender can be blocked through the Trend Micro Vision One API.
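The header-parsing and enrichment steps above, as an added example that is not D3 Smart SOAR or Trend Micro Vision One code. The two messages are constructed samples, and `sample_lookup()` is a hypothetical stand-in for a Vision One or third-party threat-intelligence query; the quarantine and sender-block actions are not performed here, only the decision that would trigger them.

```python
"""Triage a reported email from its authentication results and artifacts.

Added illustration of the email playbook above. PHISH_EMAIL, CLEAN_EMAIL and
SAMPLE_INTEL are constructed; sample_lookup() stands in for a real TI API.
"""
import email
import hashlib
import re
from email import policy

# Constructed phishing-style sample: failing SPF/DKIM/DMARC, a link and an .exe attachment.
PHISH_EMAIL = b"""\
From: "IT Helpdesk" <helpdesk@example-payroll.test>
To: jdoe@example.test
Subject: Password expiry notice
Authentication-Results: mx.example.test; spf=fail smtp.mailfrom=example-payroll.test; dkim=fail header.d=example-payroll.test; dmarc=fail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your password expires today. Reset at http://login.example-payroll.test/reset
--b1
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

# Constructed benign sample: everything passes, one internal link, no attachment.
CLEAN_EMAIL = b"""\
From: hr@example.test
To: jdoe@example.test
Subject: Holiday calendar
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=example.test; dkim=pass header.d=example.test; dmarc=pass
Content-Type: text/plain

The updated calendar is on the intranet: https://intranet.example.test/calendar
"""

# Constructed threat-intel verdicts (hypothetical stand-in for an API lookup).
SAMPLE_INTEL = {"http://login.example-payroll.test/reset": "malicious"}


def sample_lookup(value):
    return SAMPLE_INTEL.get(value, "unknown")


AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s<>\"']+")
METHODS = ("spf", "dkim", "dmarc")


def parse_auth_results(msg):
    """Map each method in the Authentication-Results header(s) to its verdict."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in AUTH_RE.findall(str(header)):
            verdicts[method.lower()] = result.lower()
    return verdicts


def extract_artifacts(msg):
    """Collect URLs from text parts and the SHA-256 of every attachment."""
    urls, attachments = set(), []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True) or b""
            attachments.append({"name": part.get_filename(),
                                "sha256": hashlib.sha256(data).hexdigest()})
        elif part.get_content_type() == "text/plain":
            urls.update(URL_RE.findall(part.get_content()))
    return {"urls": sorted(urls), "attachments": attachments}


def triage(raw, lookup):
    """Dismiss only when the sender authenticates and nothing is flagged; else escalate."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    auth = parse_auth_results(msg)
    artifacts = extract_artifacts(msg)
    # Enrich every artifact: a pass on SPF/DKIM only authenticates the domain,
    # so content verdicts matter even when the headers look fine.
    verdicts = {u: lookup(u) for u in artifacts["urls"]}
    verdicts.update({a["sha256"]: lookup(a["sha256"]) for a in artifacts["attachments"]})
    flagged = sorted(k for k, v in verdicts.items() if v == "malicious")
    failed = [m for m in METHODS if auth.get(m) == "fail"]
    authenticated = all(auth.get(m) == "pass" for m in METHODS)
    escalate = bool(flagged) or not authenticated or bool(artifacts["attachments"])
    return {"decision": "escalate" if escalate else "dismiss", "auth": auth,
            "failed": failed, "flagged": flagged, "artifacts": artifacts,
            "sender": str(msg["From"])}


if __name__ == "__main__":
    print(triage(PHISH_EMAIL, sample_lookup)["decision"], triage(CLEAN_EMAIL, sample_lookup)["decision"])
```

The returned `sender` and `flagged` fields are the inputs the follow-up actions need: the sender address for the block list, and the flagged URL or attachment hash for the quarantine decision and for the analyst's case notes.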

