D3 XGEN SOAR for Unauthorized Endpoint Access Attacks


Endpoint Protection, Step by Step

Step 1: A potential unauthorized access event is ingested into D3 from an integrated endpoint protection tool and the analyst triggers the Endpoint Protection – Unauthorized Access playbook.

Step 2: In the incident analysis stage, D3 retrieves processes from an integrated EDR tool, the user audit log, host information, and user details from Active Directory. D3 also orchestrates a search for related SIEM events.

Step 3: D3 then extracts artifacts from the collected data and determines whether critical assets are involved.

Step 4: In the data aggregation stage, D3 assembles the investigation data for the analyst to review and then sets the incident severity.

Step 5: In the remediation stage, D3 blocks users as necessary via Active Directory.
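The decision logic behind steps 3 to 5, as an added illustration in Python that is not D3's own code or API: the enrichment data, asset and user lists, and the rule that blocking a user requires analyst approval are all constructed assumptions standing in for the EDR, Active Directory and SIEM integrations the playbook would actually call.

```python
# Added example (not D3's own code): a minimal mock of the Unauthorized Access
# playbook's steps 3-5. All data sources and field names are constructed
# assumptions; a real SOAR deployment would fetch them via its integrations.

CRITICAL_ASSETS = {"fin-db-01", "dc-01"}          # constructed asset list
CRITICAL_USERS = {"svc_backup", "domain_admin"}  # constructed user list

# Constructed step-2 enrichment results (EDR processes, audit log, AD, SIEM).
ENRICHMENT = {
    "processes": [{"name": "powershell.exe", "hash": "<sha256 placeholder>"}],
    "audit_log": [{"event": "logon", "result": "failure"}] * 3,
    "host": {"hostname": "fin-db-01", "ip": "10.0.0.5"},
    "user": {"name": "jdoe", "groups": ["Domain Users"]},
    "siem_events": [{"rule": "brute-force", "host": "fin-db-01"}],
}

def extract_artifacts(enrichment):
    """Step 3: pull out the indicators an analyst would pivot on."""
    return {
        "hosts": {enrichment["host"]["hostname"]},
        "ips": {enrichment["host"]["ip"]},
        "users": {enrichment["user"]["name"]},
        "hashes": {p["hash"] for p in enrichment["processes"]},
    }

def involves_critical_asset(artifacts):
    """Step 3: true if any host or user artifact is on a critical list."""
    return bool(artifacts["hosts"] & CRITICAL_ASSETS
                or artifacts["users"] & CRITICAL_USERS)

def set_severity(artifacts, enrichment):
    """Step 4: escalate on corroborating SIEM hits, and again on critical assets."""
    severity = "medium"
    if enrichment["siem_events"]:
        severity = "high"
    if involves_critical_asset(artifacts):
        severity = "critical"
    return severity

def run_playbook(enrichment, analyst_approved_block=False):
    """Steps 3-5; the approval gate on blocking is an assumed policy."""
    artifacts = extract_artifacts(enrichment)
    severity = set_severity(artifacts, enrichment)
    actions = []
    if severity == "critical" and analyst_approved_block:
        # Step 5: a real deployment would call the Active Directory integration here.
        actions.append("disable_ad_user:" + next(iter(artifacts["users"])))
    return {"severity": severity, "artifacts": artifacts, "actions": actions}
```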


Benefits of Automated Endpoint Incident Response


✔  Stop the Spread of Malware

When a suspicious file is detected on an endpoint, D3 can rapidly determine what you’re dealing with, find out how far the compromise has reached, and prevent any further damage.

✔  Go Beyond EDR

Whether or not you have an EDR tool, D3 enables high-fidelity incidents for better analysis and response, by orchestrating across SIEM, threat intelligence sources, Active Directory, and other tools.

✔  Protect Critical Assets

D3 can quickly find out if critical assets or users are involved in an endpoint security event and escalate the severity of the incident appropriately.

✔  Enrich Endpoint Events

D3 extracts the artifacts from endpoint events and automatically checks them against integrated threat intelligence sources.



Deep-Dive SOAR Demo

Do you want to see D3 in action? Join us for a 25-minute deep-dive demo and see how our award-winning Security Orchestration, Automation, and Response (SOAR) platform helps security teams accelerate incident response, scale processes, and learn from every incident.