Zoom in on important incidents with D3’s investigation dashboard. See the events, IOCs, and people involved, and track the links between them. Run threat hunting playbooks based on high-fidelity incident data.
D3 extracts indicators of compromise (IOCs) from incoming incidents and uses them to run searches across your entire environment. Automatically find IOCs across other events, logs, and endpoints, while expanding your understanding of the incident by incorporating linked IOCs into the search.
Place important IOCs and TTPs under surveillance, with playbooks that automatically track them. When a sign of a potential attack is detected, you can monitor the behaviors that would represent further links in that kill chain. Surveillance allows you to keep a constant eye on the most pressing threats, knowing that you’ll be alerted immediately when they’re involved in an incident.
Track and visualize the occurrence of each ATT&CK technique in your environment with D3’s MITRE ATT&CK Monitor dashboard. You’ll know at a glance what techniques your adversaries are using against you and where to focus your resources.
Orchestrate threat hunting workflows with D3’s automation-powered Tier 3 playbooks. Contextualize security events using integrations with email, identity, endpoint, and network tools. Identify connections between events, uncover the user account that is responsible for a malicious process, and widen the scope to find related IOCs across your organization.