
17.3.6

New Features

Built-In Syslog Forwarding


Syslog forwarding from D3 to third-party SIEM applications has been available through the Syslog Sender integration. This update adds a built-in option in Configuration > Application Settings > SIEM Log Synchronization that automatically sends logs every minute via a job queue, including user login attempts, incident changes, role and permission updates, playbook changes, and Proxy Agent logs.

Configuring Syslog Forwarding from Application Settings
  1. Click the + Add Siem Log Configuration button.

  2. Input the hostname and port.

  3. Select the protocol (UDP or TCP).

  4. Select the Enabled checkbox.

  5. Save the settings to enable automated Syslog generation and forwarding.

  6. Verify log ingestion in the third-party SIEM by performing test actions in D3 and monitoring real-time feeds.
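
For step 6, a throwaway receiver can confirm that forwarding works before the configuration is pointed at the production SIEM. The script below is an added example, not part of D3 SOAR; the port 5514, the function names and newline-delimited framing on TCP are assumptions, and the format of the message body is printed as received rather than parsed.

```python
import socket
import sys

def decode_pri(line: bytes):
    """Return (facility, severity, message) from a syslog line, or None if no valid <PRI>."""
    end = line.find(b">", 1, 5)          # PRI is 1-3 digits, so '>' sits at index 2..4
    if not line.startswith(b"<") or end == -1 or not line[1:end].isdigit():
        return None
    pri = int(line[1:end])
    if pri > 191:                        # highest valid value: facility 23, severity 7
        return None
    return pri >> 3, pri & 7, line[end + 1:].decode("utf-8", "replace").strip()

def open_listener(proto, host="0.0.0.0", port=5514):
    """Bind a UDP or TCP socket matching the protocol selected in D3."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    sock = socket.socket(socket.AF_INET, kind)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    if proto == "tcp":
        sock.listen(1)
    return sock

def receive(sock, proto, timeout=90.0):
    """Wait for one datagram or one TCP connection and return its decoded lines.

    The 90 s default covers the one-minute forwarding interval with margin.
    """
    sock.settimeout(timeout)
    if proto == "udp":
        data, _ = sock.recvfrom(65535)
    else:
        conn, _ = sock.accept()
        conn.settimeout(timeout)
        data = b""
        with conn:
            try:
                while part := conn.recv(4096):
                    data += part
            except socket.timeout:       # sender kept the connection open; use what arrived
                pass
    # Assumption: newline-delimited framing on TCP (octet-counted framing is not handled).
    return [decode_pri(ln) for ln in data.splitlines() if ln.strip()]

if __name__ == "__main__":
    proto = sys.argv[1] if len(sys.argv) > 1 else "udp"
    try:
        for event in receive(open_listener(proto), proto):
            print(event)
    except socket.timeout:
        print("nothing received; check hostname, port, protocol and the Enabled checkbox")
```

Run it on the host entered in step 2 with `udp` or `tcp` as the argument, then perform a test action in D3 such as a login attempt.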

Utility Commands

New Commands

The following utility commands have been added to this release of D3 SOAR.

Commands

Functionality

Cancel Connected Tasks

This command can cancel any tasks before it in the same path.

For a task to be canceled, it must meet three conditions:

  1. The task must be linked and precede the Cancel Remaining Connected Tasks command.

  2. The task must be in the same playbook instance as the Cancel Remaining Connected Tasks command.

  3. The task must be on the same execution path as the Cancel Remaining Connected Tasks command.

This command ensures that any unresolved tasks are automatically canceled, helping to maintain the integrity of the playbook execution and prevent unintended behavior.

View Example

SCENARIO Use the Cancel Remaining Connected Tasks command to terminate an escalation path when vendor support responds to a help request within 24 hours.

Consider the following playbook:


The playbook automates vendor support outreach with a fallback escalation path set to execute after a delay of 24 hours. It has two parallel execution paths:

  • Path A – Email Sent to Support


    If the vendor responds within 24 hours, this path proceeds and reaches the Cancel Remaining Connected Tasks command first. Therefore, the escalation path (i.e., the bottom two tasks) is canceled since no escalation is necessary.

  • Path B – 24-Hour Timeout and Escalation


    If the user receives no response or a delayed response from vendor support, this path reaches the Cancel Remaining Connected Tasks command first to trigger the escalation task (represented as a stage task node).

This sample workflow ensures a single resolution, preventing redundant actions and minimizing operational overhead and expenses associated with escalation.
