Master tenant users can now manage incidents and events from all connected tenant sites within the investigation dashboard. Tenant instance events are available under Events > All Events (<Tenant>), while tenant instance incidents are available under Incidents > All Incidents (<Tenant>).
Enhancements
Dynamic Python Library Import
Custom Python command pages now include a Libraries tab that allows users to define and manage external library dependencies. Dependencies can be added or edited while the command is in Draft mode, with validation for syntax, duplication, and compatibility against Python 3.9 standards. These dependencies are installed at runtime, and users must still include the appropriate import statements in their code to use them.
Feature Availability
The dynamic Python library import feature is available for all custom integration and utility commands.
For built-in integrations, it becomes available when users extend functionality by adding custom commands. Support for this feature within integration commands is steadily expanding, and integrations that currently support it will display a Libraries tab.
Integrations supporting the dynamic Python library feature also include a For Built-in Commands sub-tab. This read-only view shows the libraries used by built-in commands, allowing users to leverage them and avoid duplicate import statements when creating custom commands.
Creating a Custom Utility Command Using an External Library
To demonstrate the use of this feature, follow the steps below to create a translator that accepts an input string and translates it into Spanish using the Google Translator library for use within a playbook.
Navigate to the Configuration module, then select the Utility Commands sub-module.
Add a new custom command.
Click the button.
Enter the display name for the command (e.g., Translate to Spanish).
Ensure that the Python option is selected as the implementation method.
Click the + Add button.
Paste the code below into the code editor, replacing any existing content.
PY
from deep_translator import GoogleTranslator  # Imports the translation tool used to convert text into another language
import uuid  # Imports a tool to generate a unique ID for tracking each translation


def TranslateToSpanish(*args):
    """
    Translates user input into Spanish using GoogleTranslator from deep-translator.
    args[0]: input text to translate
    """
    errors = []  # Will store any errors that occur during the process
    returnData = "Successful"  # Default result status
    context = []  # Optional metadata (unused here)
    keyFields = {}  # Optional key field storage (unused here)
    resultData = {}  # Will hold the final output data
    raw = {
        "Results": [],  # Will show the input and translated text
        "D3Errors": []  # Placeholder for any system-specific errors
    }
    trace_id = str(uuid.uuid4())  # Creates a unique ID for tracking this translation request

    try:
        # Checks if the user provided text and if it is not just empty spaces
        if not args or not args[0].strip():
            errors.append("An input phrase is required as the first argument.")  # Adds an error message
            return pb.returnOutputModel({}, "Failed", {}, [], {}, errors)  # Returns a failure result

        original_text = args[0].strip()  # Cleans up the user's input by removing unnecessary spaces

        # Translates the input text into Spanish, automatically detecting the source language
        translated_text = GoogleTranslator(source='auto', target='es').translate(original_text)

        # Prepares the main output data
        resultData = {
            "trace_id": trace_id,  # Unique ID for the request
            "original": original_text,  # Original text provided by the user
            "translated": translated_text  # Translated Spanish version
        }

        # Stores the input/output pair in the results
        raw["Results"].append({
            "Input": original_text,
            "Output": translated_text
        })
    except Exception as err:
        # If something goes wrong, record the error and update the status
        errors.extend(err.args)
        returnData = "Failed"

    # Returns all results, including the translated text, tracking ID, and any errors
    return pb.returnOutputModel(
        resultData,
        returnData,
        keyFields,
        context,
        raw,
        errors
    )
Define the external dependencies used in the code.
Navigate to the Libraries tab.
Paste the code below into the mini code editor to define any external dependencies used in the command.
PY
deep-translator==1.11.4
The format for each entry is: <library name>==<version number> (e.g., deep-translator==1.11.4).
Click the Save button to apply the changes.
Add a field that allows users to input the original text to be translated into Spanish.
Navigate to the Inputs tab.
Click the + New Input Parameter button.
Name the parameter original_text.
(Optional) Add a display name to improve clarity for users interacting with the command.
(Optional) Provide a description to clarify the purpose of the input parameter.
(Optional) Add sample data to illustrate expected input.
Click the + Add button.
Enable the command for use in a playbook.
Navigate to the Settings tab.
Select the Command Task checkbox.
Click the Submit button.
Click the Submit button on the pop-up window.
RESULT
Users will be able to find and use this custom utility command as a command task in a playbook. If the command executed successfully, users can click the button to view the translated text.
The original and translated texts shown on the Result tab.
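The `<library name>==<version number>` entry format from the Libraries tab step can be checked before an entry list is pasted in, so that every runtime-installed dependency is an exact, reviewable pin. The following is an added example, not D3's own validator: `check_libraries` is a hypothetical helper that assumes only exact `==` pins are accepted and treats names with the same PEP 503 normalised form as duplicates; the sample entries are constructed.

```python
import re

# Exact pin only: <library name>==<version number> (assumed rule, per the
# format shown in the Libraries tab step). Ranges, wildcards and bare names fail.
ENTRY_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)"
    r"==(?P<version>[0-9]+(?:\.[0-9]+)*(?:(?:a|b|rc)[0-9]+)?(?:\.post[0-9]+)?)$"
)


def normalize(name):
    """PEP 503 normalisation: '-', '_' and '.' runs are equivalent, case-insensitive."""
    return re.sub(r"[-_.]+", "-", name).lower()


def check_libraries(text):
    """Return (pins, problems) for a Libraries-tab entry list, one entry per line."""
    pins, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), start=1):
        entry = line.strip()
        if not entry:
            continue  # blank lines carry no dependency
        match = ENTRY_RE.match(entry)
        if not match:
            problems.append((lineno, entry, "not an exact <name>==<version> pin"))
            continue
        key = normalize(match.group("name"))
        if key in pins:
            # Same package spelled differently would install twice or conflict
            problems.append((lineno, entry, f"duplicate of {key}=={pins[key]}"))
            continue
        pins[key] = match.group("version")
    return pins, problems


# Constructed sample input: one valid pin, one range, one disguised duplicate,
# one unpinned name and one wildcard version.
SAMPLE = """\
deep-translator==1.11.4
requests>=2.0
Deep_Translator==1.11.3
beautifulsoup4
pyyaml==6.0.*
"""

if __name__ == "__main__":
    accepted, rejected = check_libraries(SAMPLE)
    print("accepted:", accepted)
    for problem in rejected:
        print("rejected:", problem)
```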
Site-Level Artifact Segregation for Client Sites
The same artifact appearing on different client sites (e.g., TW Client 1 and TW Client 2) is now treated as a distinct entity on each site. While the artifact value is identical, each instance has a unique artifact ID, clearly indicating separation between client sites.
Artifacts are now scoped to individual client sites to enforce strict data isolation. Identical artifacts detected across different client sites are treated as distinct entities, ensuring that artifact data remains confined to the site where it originated. Existing identical artifacts previously ingested across client sites are now also treated as separate entities within their respective sites.
Mitre Tactics and Techniques Feature Now Supports New TAXII 2.1
The Update Mitre Tactics and Techniques feature now uses the latest TAXII 2.1 API, enabling faster retrieval, improved filtering, and more reliable synchronization of MITRE ATT&CK data.
Utility Commands
Updated Commands
The following utility commands have been updated in this release of D3 SOAR.
Commands
Changes
Update Identical Event
A new parameter, Skip Event Creation, has been added, allowing updates to identical events without creating or dismissing new ones. When enabled, the system updates the existing event and records the update in the ingestion log and event note, including the event ID and a link to the associated playbook execution for reference.
Integrations
New Integrations
The following integrations have been added to this release of D3 SOAR.
Integration Name
Description
FortiEDR
FortiEDR is an Endpoint Detection and Response (EDR) solution developed by Fortinet that provides real-time threat prevention, detection, and automated response on endpoints such as desktops, laptops, and servers.
Updated Integrations
The following integrations have been updated in this release of D3 SOAR.
Integration Name
Changes
Cisco Adaptive Security Appliance
Connection
Connection logic has been enhanced to better support REST API, HTTP Automation Interface, and SSH connection methods based on Cisco ASA instance configuration.
Cortex XDR
New Command(s)
Cancel Scan Hosts
Create Indicator
Get Action Status
Get XQL Query Results
Retrieve Files
Retrieve PCAP Packet
Scan Hosts
Start XQL Query
Prisma Cloud
New Command(s)
Dismiss Alerts (replaced the Dismiss Alerts command)
Remediate Alerts
Test Connection
Deprecated Command(s)
Dismiss Alerts (replaced by the new Dismiss Alerts command)
SentinelOne
Updated Command(s)
Fetch Event: Added the Threat Time Field optional parameter to filter threat data.
Telegram
New Command(s)
Create Webhook
Fetch Event (for event ingestion via webhook only)
Remove Webhook