Skip to main content
Skip table of contents


Application Settings Enhancement

More Logo Customization Options

With this new release, you can now personalize and reinforce your brand's presence across various elements of the application. Here's what's new:

Application-Wide Logo Display: Solidify your brand identity within D3 SOAR with a system-wide logo, prominently placed at the top-left corner of every page. To set this up, go to Configuration > Application Settings > Logo Customization.

Site-Specific Logos for MSSPs: Tailoring to the unique needs of Managed Service Security Providers (MSSPs), our update enables the display of distinct logos for each client managed by MSSPs. This customization extends across all client-specific interfaces and incident report templates, maintaining a cohesive brand image for each client's site. This can be configured at Configuration > Organization Management > Sites.

Incident Workspace Enhancements

Updated UI Design

We've refined the user interface of the Incident Workspace to deliver a sleeker, more uniform experience.

Incident Overview: Linked Artifacts

We've introduced a new Linked Artifacts section in the Incident Overview tab for immediate visibility of all artifacts connected to the incident.

Incident Overview: Tabbed Dynamic Form Layout

Dynamic forms within the Incident Overview tab are now efficiently organized into tabs within the Dynamic Form section. This consolidation provides a more orderly representation of incident-related forms, eliminating the need for separate sections for each form.

Playbook Enhancements

Conditional Task: Updated Configuration UI

The conditional task settings have been restructured with a tabbed interface for an intuitive arrangement of configuration options. This update simplifies navigation and improves the user experience by logically grouping related settings.

Incident Playbooks: On Playbook Task Error Trigger

We've introduced the On Playbook Task Error trigger to enhance error management within incident playbooks. This feature, active by default for command, data formatter, conditional, and REST API tasks, triggers a follow-up workflow when an error occurs, such as sending an email alert to an analyst. It's designed for quick response and can be disabled as needed.

To prevent potential infinite error loops, workflows initiated by this trigger will not reactivate the trigger if they fail. When the follow-up workflow is activated, you can access the task's name and error message in the returned playbook data located at the paths $.Trigger.taskName and $.Trigger.taskErrorMessage, respectively.

Data Ingestion Enhancement

Event and Incident Creation Count Indicator

An event and incident creation count indicator has been added to event and incident intake logs. This feature systematically tallies the outcomes of each ingestion job. Accessing the event intake logs now provides a count of newly created events, while the incident intake logs display the total number of incidents generated.

Utility Commands

The following utility commands have been added to this release of D3 SOAR.



Clone and Schedule Data Ingestions

Clone a new schedule from the current schedule connection to a new schedule connection within the integration. If the current schedule connection is empty, then create a new schedule in the new schedule connection within the integration.

Share Global Lists across Sites

Shares global lists across sites.

Publish Playbooks across Sites

Publishes live playbooks across sites.


Updated Integrations

The following integrations have been updated in this release of D3 SOAR.

Integration Name



New commands: Get Case Details, Get DLR Incident Details, Get WSS Scanning Details, Get WSS Scanning Vulnerability Details, List Authorised Executives, List Whitelisted Executives

Fetch Event: Added new options for the Event Type parameter: Incident, Data Loss Recovery, Brand Abuse Monitoring, Executive Monitoring, Social Media Monitoring, Domain Names Monitoring, Mobile App Monitoring, Case Message

New event sources: DLR Incident, Domain Monitoring, Brand Abuse Monitoring, Executive Monitoring, Mobile App Monitoring, Social Media Monitoring, Case Messages

Added default field mappings for all event sources

Microsoft 365 Defender

New commands: Create Alert Comment, Fetch Event, Get Alerts, Get Incident Alerts, Update Alerts

Palo Alto Networks Firewall V10

New commands: Block IPs By Adding To AddressGroup

Stellar Cyber

New commands: Fetch Incident, Update Incidents

The Search Events command has been renamed to Search Incidents with an updated description.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.