In this short video, D3’s security expert Stan Engelbrecht walks you through an AWS cryptomining playbook and some of the manual and automated actions within the SOAR platform.

Steps for Orchestrated Cryptojacking Response

Step 1:
When D3 is alerted to a potential cryptojacking event, the analyst can trigger an incident-specific cryptojacking playbook.
Step 2:
D3 investigates the IOCs, determining the reputation of the URLs and IPs, and blocks them if necessary.
Step 3:
Simultaneously, D3 retrieves logs from Datadog or another integrated tool and also retrieves the details of the affected instance.
Step 4:
D3 retrieves the security group details of the affected instance, and the analyst decides whether the EC2 instance or hosts need to be quarantined. D3 then quarantines the EC2 instance and takes a volume snapshot.
Step 5:
Simultaneously, D3 queries the mapping list to get the McAfee ePO system name, groups, and system details.
Step 6:
D3 then orchestrates a scan of the EC2 instance via ePO.
Step 7:
Finally, D3 generates a summary report of the incident.
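Step 4 in code, as an added example that is not D3's own playbook logic: the instance's security groups are replaced with a rule-less isolation group (`ISOLATION_SG`, a constructed id) and every attached EBS volume is snapshotted for forensics. It uses boto3-style calls against a `FakeEC2` stub holding constructed sample data so it runs offline; swap in `boto3.client("ec2")` for a real run.

```python
# Constructed id: a security group with no inbound/outbound rules in the host's VPC.
ISOLATION_SG = "sg-0isolation0"

def plan_quarantine(instance: dict, isolation_sg: str) -> dict:
    """Build the quarantine actions from one DescribeInstances 'Instances' entry."""
    current = [g["GroupId"] for g in instance.get("SecurityGroups", [])]
    volumes = [m["Ebs"]["VolumeId"] for m in instance.get("BlockDeviceMappings", [])
               if "Ebs" in m]
    return {
        "instance_id": instance["InstanceId"],
        "original_security_groups": current,    # kept so the host can be restored later
        "already_isolated": current == [isolation_sg],
        "volumes_to_snapshot": volumes,         # every attached EBS volume, not just root
    }

def quarantine(ec2, instance_id: str, isolation_sg: str = ISOLATION_SG) -> dict:
    """Isolate the instance, then snapshot its volumes (the playbook's Step 4 order)."""
    reservations = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"]
    if not reservations:
        raise LookupError(f"{instance_id} not found")
    plan = plan_quarantine(reservations[0]["Instances"][0], isolation_sg)
    if not plan["already_isolated"]:
        # Groups= replaces the whole set, so the miner loses every allowed rule at once.
        # Security groups are stateful: already-tracked flows may persist, so pair this
        # with a network ACL change or stop the instance if traffic must die immediately.
        ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[isolation_sg])
    plan["snapshot_ids"] = [
        ec2.create_snapshot(VolumeId=v, Description=f"IR snapshot {instance_id}")["SnapshotId"]
        for v in plan["volumes_to_snapshot"]
    ]
    return plan

class FakeEC2:
    """Offline stand-in for a boto3 EC2 client, holding constructed sample data."""
    def __init__(self):
        self.instance = {
            "InstanceId": "i-0deadbeef0000001",
            "SecurityGroups": [{"GroupId": "sg-web"}, {"GroupId": "sg-ssh"}],
            "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-root01"}},
                                    {"Ebs": {"VolumeId": "vol-data01"}}],
        }
        self.calls = []  # records API calls so the quarantine can be audited
    def describe_instances(self, InstanceIds):
        found = InstanceIds == [self.instance["InstanceId"]]
        return {"Reservations": [{"Instances": [self.instance]}] if found else []}
    def modify_instance_attribute(self, InstanceId, Groups):
        self.calls.append(("modify", InstanceId, Groups))
        self.instance["SecurityGroups"] = [{"GroupId": g} for g in Groups]
    def create_snapshot(self, VolumeId, Description):
        self.calls.append(("snapshot", VolumeId))
        return {"SnapshotId": f"snap-{VolumeId}"}
```

Running `quarantine(FakeEC2(), "i-0deadbeef0000001")` returns the plan with the original groups, `already_isolated` False and two snapshot ids; a second call on the same stub skips the group change because the host is already isolated.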

Benefits of Cryptojacking Protection

Full Investigation of Incidents

D3 acts as a bridge between application performance monitoring (APM) tools and security tools, enabling users to turn evidence of cryptojacking into end-to-end, automation-powered investigation and response.
Hybrid Security

D3 integrates with cloud and on-premises tools, empowering incident response that can leverage the entire security stack and span environments.
Automatic Escalation

Users of Datadog or another APM tool can set up filters to automatically escalate signs of cryptojacking to D3 for investigation.
Act Quickly and Efficiently

By automating cryptojacking response, you can rapidly minimize the damage of attacks with minimal resources used on each incident.

Get Started with D3 Security

One platform to stop alert overwhelm. Transform how your security team works, by focusing its resources on real threats.