XGEN SOAR makes it easy to locate threats in your environment, wherever they’re hiding. Using signature and behavior-based methods, D3’s threat hunting playbooks enable you to uncover connections, identify dangers, and proactively search for ongoing incidents.

Get a Demo

Automate Threat Hunting

Security teams don’t have the time for slow, manual threat hunting, which allows dangerous threats to go undetected. The solution is automation-powered threat hunting.

Integrate Your Tools

With 360+ integrations, XGEN SOAR can connect to all your tools to orchestrate threat hunting that covers your entire environment from one interface.

Leverage the Latest Intelligence

Quickly turn reports from integrated threat intelligence sources into threat hunting to ensure you’re always up-to-date with potential risks.

Manage Investigations

Make it easy to schedule automated threat hunts, minimize manual steps, and review the results, using XGEN SOAR’s playbooks and investigation management features.

Indicators of Attack (IOA) Search

Extract indicators of attack (IOAs) from D3’s high-fidelity incidents and use them to run searches across your entire environment. Automatically find IOAs across other events, logs, and endpoints, while expanding your understanding of the incident by incorporating linked IOAs into the search.



Place important IOAs and TTPs under surveillance, with playbooks that automatically track them. When a sign of a potential attack is detected, you can monitor the behaviors that would represent further links in that kill chain. Surveillance allows you to keep a constant eye on the most pressing threats, knowing that you’ll be alerted immediately when they’re involved in an incident.


Track and visualize the occurrence of each ATT&CK technique in your environment with D3’s MITRE ATT&CK Monitor dashboard. You’ll know at a glance what techniques your adversaries are using against you and where to focus your resources.


Cyber Threat Hunting Playbooks

Orchestrate threat hunting workflows with D3’s automation-powered Tier 3 playbooks. Contextualize security events using integrations with email, identity, endpoint, and network tools. Identify connections between events, uncover the user account that is responsible for a malicious process, and widen the scope to find related IOAs across your organization.

Hundreds of Premium Integrations

Fully featured and vendor-agnostic, XGEN SOAR’s integrations can be launched and operating in seconds, with minimal time or effort required for setup and maintenance.


10x Real World SOAR Case Study

10x: Real-World SOAR Case Study



Product Guide for D3 NextGen SOAR Platform

NextGen SOAR Product Guide

Threat Hunting FAQ

Can threat hunting be automated?

Yes. Using D3 XGEN SOAR, users can create scheduled or ad hoc threat hunting workflows that automatically run based on new threat intelligence reports. D3 also orchestrates threat hunting across endpoints and integrated tools to minimize manual work.

How can I use MITRE ATT&CK in my threat hunting?

When an incoming event is tagged by a detection tool as involving an ATT&CK technique, D3 XGEN SOAR can, as part of its response, trigger searches across the SIEM, EDR, and other tools to find more traces of the technique or techniques that could be part of the same kill chain.

How do I turn threat intelligence into threat hunting?

By integrating with threat intelligence platforms, D3 XGEN SOAR can ingest threat intelligence reports and run threat hunting searches to identify any traces of the threats in the environment. The process can be fully automated.

Does SOAR have threat hunting playbooks?

Yes, D3 XGEN SOAR has specific playbooks and automated sequences for threat hunting. These can be standalone, or subsections of response playbooks for other use-cases.