Smart SOAR Integration

With cyberattacks and the skills gap getting worse, SOCs can no longer afford to have analysts manually coordinate contextual data. Many analysts copy and paste hashes by hand hundreds of times per day to check their reputation. With D3’s VirusTotal integration, you can automate that entire process so that your analysts have the information they need for every incident.

VirusTotal Integration

Integration features

Automatically enrich alerts with VirusTotal intelligence
Use VirusTotal data to inform reputation and prioritization scoring in Smart SOAR
Build a repository of hashes, IP addresses, and domain names in Smart SOAR
Benefit from flexible configuration options

Key Use Cases

#1 Automated Hash Lookups

Analysts are expected to rapidly investigate incidents without compromising the process. For many, this means manually cross-referencing and copying hashes and other data from VirusTotal. Over a year in a SOC, this adds up to hundreds of hours per analyst plus some degree of human error. Smart SOAR automatically populates the incident record with hashes and other relevant data. An analyst can search through the Smart SOAR console and instantly bring over additional field data. Plus, it’s agile. You can change the integration parameters via our easy-to-use admin tool.

#2 Potential Phishing Analysis

When a potential phishing email is escalated to Smart SOAR, either through an email protection system or manually by the recipient, Smart SOAR extracts the sender’s domain and the URL of any links in the message. Smart SOAR then uses VirusTotal or another integrated service to retrieve the IP address associated with the sender and/or URL. Based on the result, the Smart SOAR user can then trigger a response playbook to block the IP, blacklist the sender, notify the email recipient, and orchestrate any other appropriate actions. If the risk score is deemed low, the incident can be closed as a false positive.
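The extraction step described above, sketched as an added example (this is not D3 or VirusTotal code). The helper name `extract_observables` and the sample message are constructed for illustration; link targets are read from the `href` attribute rather than the displayed link text, since the two can differ.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real email); example.* domains are reserved.
SAMPLE_EML = """\
From: "IT Helpdesk" <support@mail.example.net>
Subject: Password expiry
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Reset here: http://login.example.org/reset?id=1.
--b1
Content-Type: text/html; charset="utf-8"

<p>Reset <a href="https://portal.example.org/">https://login.example.org/</a></p>
--b1--
"""

class _Hrefs(HTMLParser):
    """Collect the href target of every <a> tag, ignoring the visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def extract_observables(raw):
    """Hypothetical helper: sender domain and link URLs/hosts to enrich."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1]
    urls = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            found = re.findall(r"https?://[^\s<>\"']+", part.get_content())
            urls += [u.rstrip(".,)>") for u in found]  # drop sentence punctuation
        elif part.get_content_type() == "text/html":
            parser = _Hrefs()
            parser.feed(part.get_content())
            urls += parser.hrefs
    # Keep only web links and de-duplicate so each observable is looked up once.
    urls = sorted({u for u in urls if urlsplit(u).scheme in ("http", "https")})
    hosts = sorted({urlsplit(u).hostname for u in urls} - {None})
    return {"sender_domain": sender.rpartition("@")[2].lower(), "urls": urls, "url_hosts": hosts}
```

The returned sender domain, URLs and hosts are the values a reputation lookup would then be run against.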

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.
