XGEN SOAR makes it easy to locate threats in your environment, wherever they’re hiding. Using signature and behavior-based methods, D3’s threat hunting playbooks enable you to uncover connections, identify dangers, and proactively search for ongoing incidents.
Get a DemoSecurity teams don’t have the time for slow, manual threat hunting, which allows dangerous threats to go undetected. The solution is automation-powered threat hunting.
With 360+ integrations, XGEN SOAR can connect to all your tools to orchestrate threat hunting that covers your entire environment from one interface.
Quickly turn reports from integrated threat intelligence sources into threat hunting to ensure you’re always up-to-date with potential risks.
Make it easy to schedule automated threat hunts, minimize manual steps, and review the results, using XGEN SOAR’s playbooks and investigation management features.
Extract indicators of attack (IOAs) from D3’s high-fidelity incidents and use them to run searches across your entire environment. Automatically find IOAs across other events, logs, and endpoints, while expanding your understanding of the incident by incorporating linked IOAs into the search.
Place important IOAs and TTPs under surveillance, with playbooks that automatically track them. When a sign of a potential attack is detected, you can monitor the behaviors that would represent further links in that kill chain. Surveillance allows you to keep a constant eye on the most pressing threats, knowing that you’ll be alerted immediately when they’re involved in an incident.
Track and visualize the occurrence of each ATT&CK technique in your environment with D3’s MITRE ATT&CK Monitor dashboard. You’ll know at a glance what techniques your adversaries are using against you and where to focus your resources.
Orchestrate threat hunting workflows with D3’s automation-powered Tier 3 playbooks. Contextualize security events using integrations with email, identity, endpoint, and network tools. Identify connections between events, uncover the user account that is responsible for a malicious process, and widen the scope to find related IOAs across your organization.
Fully featured and vendor-agnostic, XGEN SOAR’s integrations can be launched and operating in seconds, with minimal time or effort required for setup and maintenance.
Yes. Using D3 XGEN SOAR, users can create scheduled or ad hoc threat hunting workflows that automatically run based on new threat intelligence reports. D3 also orchestrates threat hunting across endpoints and integrated tools to minimize manual work.
When an incoming event is tagged by a detection tool as involving an ATT&CK technique, D3 XGEN SOAR can, as part of its response, trigger searches across the SIEM, EDR, and other tools to find more traces of the technique or techniques that could be part of the same kill chain.
By integrating with threat intelligence platforms, D3 XGEN SOAR can ingest threat intelligence reports and run threat hunting searches to identify any traces of the threats in the environment. The process can be fully automated.
Yes, D3 XGEN SOAR has specific playbooks and automated sequences for threat hunting. These can be standalone, or subsections of response playbooks for other use-cases.