SOAR 2.0: Redefining SOAR with the MITRE ATT&CK Framework

Evolving from Event-Based to Intent-Based Response

SOAR platforms are broadly effective at the linear process of ingesting events and orchestrating response actions. However, they vary widely in their ability to support larger investigations that identify the entire scope of an incident. This is why D3 has become the first SOAR provider to fully build a live and contextual cyber kill chain framework, based on the MITRE ATT&CK matrix, into its platform to investigate how events fit into larger incidents, based on IOCs and attack techniques.

Download this Whitepaper to Learn:

  • The key differences between event-based (SOAR 1.0) and intent-based (SOAR 2.0) response.
  • Why event-based SOAR can miss major cyber attacks by focusing too narrowly on individual events.
  • How D3 uses the ATT&CK framework to correlate events contextually, in near real time, with other links in the cyber kill chain.
  • Why the intelligent correlation capabilities of SOAR 2.0 result in better, more informative and conclusive incident response.