Brand impersonation alerts created by ZeroFox can be escalated to D3 for analysis and response via a Brand Protection Playbook. D3 extracts the elements of the alert and checks them against integrated threat intelligence sources. If the URL is known to be malicious, D3 submits it to the firewall to be blocked. D3 then searches for emails containing the URL and runs a phishing email sub-playbook. D3 can also search an integrated SIEM to find internal hosts that have connected to the URL and determine if any data was lost. D3 can orchestrate specific actions in ZeroFox, such as triggering a takedown request, adding the URL to a threat feed, assigning the incident to a user, and sending an email notification to that user.
By integrating D3 with ZeroFox, you can automatically enrich events from your detection tools with ZeroFox threat intelligence, as well as assess their criticality through additional data enrichment and MITRE ATT&CK matrix correlation. D3 can then trigger an automated response playbook or guide human analysts efficiently through manual steps, all within a single window.
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.