Getting Started
LAST UPDATED DEC 04, 2024
What is D3 SOAR?
Discover the core components of D3 SOAR, a comprehensive security orchestration, automation and response (SOAR) platform that transforms how organizations manage their security operations.
D3 SOAR tackles one of the most critical challenges in modern cybersecurity: managing an overwhelming volume of security alerts while navigating the complexities of numerous independent security tools. By providing a centralized platform for security orchestration and automation, D3 SOAR revolutionizes how security teams respond to and manage incidents.
The platform stands out through its extensive integration capabilities with over 450 security tools, its sophisticated playbook automation, and its seamless incorporation of the MITRE ATT&CK framework. Its three-tier data model and artifact management system standardize and enrich security data, while the playbook editor and automation features dramatically reduce incident response times and improve the accuracy and consistency of security operations.
The diagram here depicts D3 SOAR's integrated approach, in which each component contributes to a streamlined security workflow, as explained in the following sections.
Integrations
The Integration module is D3 SOAR's central nervous system for connecting with security tools and services. Through the Connections module, organizations can seamlessly integrate with over 450 cybersecurity tools across categories like SIEM, EDR, Threat Intelligence, and ITSM. This component enables unified security operations by centralizing tool management and monitoring connection health.
See Integrations for more information.
Playbook Automation
D3 SOAR's Playbook Automation engine provides a codeless environment for creating and managing automated security workflows. It offers two distinct playbook types: Incident Playbooks for complex incident response workflows, and Event Playbooks for standardized event processing. The visual playbook editor allows teams to design, test, and deploy automated workflows without writing code.
See Event Playbooks and Incident Playbooks for more information.
Data Management System
The Data Management System employs a sophisticated 3-tier data model (Subevent, Event, and Incident) to normalize and structure security data. This component includes robust field mapping capabilities and automated artifact extraction, enabling consistent data processing and correlation across the platform. The system automatically identifies and enriches key artifacts like IP addresses and file hashes using integrated threat intelligence services.
See Data Model and Normalization for more information.
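To make the three-tier model concrete, here is an added illustrative example (not D3 SOAR's own code or API) of the pipeline the section describes: a field map normalizes a raw vendor alert into an event, artifacts such as IP addresses and file hashes are extracted from the event's fields and enriched from a threat-intelligence source, and events are then correlated into an incident. The raw alert, the field map and the threat-intel table are all constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed raw alert in the shape a vendor SIEM might deliver (hypothetical format).
RAW_ALERT = {
    "src": "203.0.113.7",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "msg": "Outbound connection from 198.51.100.4 to 203.0.113.7",
    "sev": "high",
}

# Hypothetical field map: vendor field name -> normalized event field name.
FIELD_MAP = {"src": "source_ip", "sha256": "file_hash", "msg": "description", "sev": "severity"}

# Constructed threat-intel table standing in for an integrated TI service.
THREAT_INTEL = {"203.0.113.7": "known C2 node (constructed entry)"}

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256 = re.compile(r"\b[0-9a-f]{64}\b")
SEV_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}

@dataclass
class Event:
    fields: dict
    artifacts: dict = field(default_factory=dict)

@dataclass
class Incident:
    events: list = field(default_factory=list)
    severity: str = "low"

def normalize(raw: dict, field_map: dict) -> Event:
    """Subevent -> Event: apply the field map so every vendor yields the same field names."""
    return Event(fields={field_map.get(k, k): v for k, v in raw.items()})

def extract_artifacts(event: Event) -> Event:
    """Scan every field for IPs and SHA-256 hashes, then enrich each from threat intel."""
    text = " ".join(str(v) for v in event.fields.values())
    for ip in sorted(set(IPV4.findall(text))):
        event.artifacts[ip] = {"type": "ip", "intel": THREAT_INTEL.get(ip)}
    for h in sorted(set(SHA256.findall(text))):
        event.artifacts[h] = {"type": "sha256", "intel": THREAT_INTEL.get(h)}
    return event

def correlate(events: list) -> Incident:
    """Event -> Incident: group related events and carry the highest severity upward."""
    inc = Incident(events=events)
    inc.severity = max((e.fields.get("severity", "low") for e in events),
                       key=lambda s: SEV_ORDER.get(s, 0))
    return inc
```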
MITRE ATT&CK Integration
The MITRE ATT&CK Framework component provides a globally recognized system for understanding and categorizing cyber threats. By fully embedding this framework into the platform, D3 SOAR enables security teams to map and analyze security events using standardized tactics and techniques. The ATT&CK Monitor module serves as the command center for this capability, offering enterprise-wide visibility into potential threats and attack patterns across your security landscape.
See MITRE ATT&CK Monitor for more information.
Collaboration and Reporting
The platform's collaboration features center around the Incident Workspace, providing teams with a unified environment for incident management and response. The Reporting Dashboard module delivers customizable visualizations and metrics tracking, enabling teams to monitor KPIs, track SLAs, and analyze security trends over time.
See Reporting Dashboards for more information.