D3 XGEN SOAR for Cryptojacking Attacks


Steps for Orchestrated Cryptojacking Response 

Step 1:   When D3 is alerted to a potential cryptojacking event, the analyst can trigger an incident-specific cryptojacking playbook.

Step 2:   D3 investigates the IOCs, determining the reputation of the URLs and IPs, and blocks them if necessary.

Step 3:   Simultaneously, D3 retrieves logs from Datadog or another integrated tool and also retrieves the details of the affected instance.

Step 4:   D3 retrieves the security group details of the affected instance, and the analyst decides whether the EC2 instance or hosts need to be quarantined. D3 then quarantines the EC2 instance and takes a volume snapshot.

Step 5:   Simultaneously, D3 queries the mapping list to get the McAfee ePO system name, groups, and system details.

Step 6:   D3 then orchestrates a scan of the EC2 instance via ePO.

Step 7:   Finally, D3 generates a summary report of the incident.
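Step 4 above in code, as an added example that is not D3's own playbook code: it swaps the instance's security groups for an isolation group and snapshots each attached EBS volume using boto3-style EC2 client calls (`describe_instances`, `modify_instance_attribute`, `create_snapshot`). The quarantine group, instance and volume IDs are constructed, and a constructed fake client stands in for boto3 so the script runs offline.

```python
def quarantine_instance(ec2, instance_id, quarantine_sg_id, incident_id):
    """Step 4 of the playbook: move the instance into an isolation security
    group (assumed to have no inbound/outbound rules), then snapshot each
    attached EBS volume for forensics. `ec2` is a boto3-style EC2 client."""
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    inst = resp["Reservations"][0]["Instances"][0]
    original_sgs = [g["GroupId"] for g in inst["SecurityGroups"]]
    # Isolate first so the miner loses pool/C2 connectivity before disks are touched.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[quarantine_sg_id])
    snapshots = []
    for mapping in inst["BlockDeviceMappings"]:
        vol_id = mapping.get("Ebs", {}).get("VolumeId")  # instance-store disks have no Ebs key
        if not vol_id:
            continue
        snap = ec2.create_snapshot(
            VolumeId=vol_id,
            Description=f"{incident_id}: forensic snapshot of {instance_id}",
            TagSpecifications=[{"ResourceType": "snapshot",
                                "Tags": [{"Key": "Incident", "Value": incident_id}]}],
        )
        snapshots.append(snap["SnapshotId"])
    return {"removed_groups": original_sgs, "snapshots": snapshots}


class FakeEC2:
    """Constructed offline stand-in that records the boto3 calls made above."""
    def __init__(self):
        self.groups = {"i-0abc": ["sg-web", "sg-ssh"]}          # constructed IDs
        self.volumes = {"i-0abc": ["vol-111", "vol-222"]}
        self.snapshots = []

    def describe_instances(self, InstanceIds):
        iid = InstanceIds[0]
        return {"Reservations": [{"Instances": [{
            "SecurityGroups": [{"GroupId": g} for g in self.groups[iid]],
            "BlockDeviceMappings": [{"Ebs": {"VolumeId": v}} for v in self.volumes[iid]],
        }]}]}

    def modify_instance_attribute(self, InstanceId, Groups):
        self.groups[InstanceId] = list(Groups)

    def create_snapshot(self, VolumeId, Description, TagSpecifications):
        sid = f"snap-{len(self.snapshots) + 1:03d}"
        self.snapshots.append((sid, VolumeId))
        return {"SnapshotId": sid}


def run_demo():
    ec2 = FakeEC2()
    result = quarantine_instance(ec2, "i-0abc", "sg-quarantine", "INC-0001")
    return ec2.groups["i-0abc"], result
```

The returned `removed_groups` list is what a playbook needs to restore connectivity once the instance is cleared, and the snapshot IDs are the evidence references for the final report.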



Benefits of Cryptojacking Protection


✔  Full Investigation of Incidents

D3 acts as a bridge between application performance monitoring (APM) tools and security tools, enabling users to turn evidence of cryptojacking into end-to-end, automation-powered investigation and response.

✔  Hybrid Security

D3 integrates with cloud and on-premise tools, empowering incident response that can leverage the entire security stack and span across environments.

✔  Automatic Escalation

Users of Datadog or another APM tool can set up filters to automatically escalate signs of cryptojacking to D3 for investigation.

✔  Act Quickly and Efficiently

By automating cryptojacking response, you can rapidly minimize the damage of attacks with minimal resources used on each incident.



Deep-Dive SOAR Demo

Do you want to see D3 in action? Join us for a 25-minute deep-dive demo and see how our award-winning Security Orchestration, Automation, and Response (SOAR) platform helps security teams accelerate incident response, scale processes, and learn from every incident.