Skip to main content
Skip table of contents

Application Settings


In Application Settings, you can customize nearly every aspect of D3 SOAR and the user experience. All changes made in Application Settings are effective immediately, making it flexible and convenient for you to make and apply changes to the application.

You can access the Application Settings module by clicking on the gear icon at the bottom left corner of the configuration navigation bar.

The configurable options in the Application Settings module are:

Ad Hoc Task Configuration

Add to a list of task types. These are used to label Ad Hoc Tasks in an incident response.

Dashboard Columns

Add and configure custom columns in the investigation dashboard tables to event and incident lists.

The custom columns will be automatically added to the investigation dashboard. You can enable or disable the column by clicking the more icon on the top right corner of event and investigation lists.

Event Dashboard

The editor space contains a template for adding custom event dashboard columns in JSON.

Specify the field, width, index, and whether you want to enable filter or sort for this column.

An example of the JSON format below:

        "fieldName": "Source IP address",
        "width": 200,
        "index": 0,
        "enableFilter": false,
        "enableSort": false
        "fieldName": "Destination IP address",
        "width": 200,
        "index": 0,
        "enableFilter": false,
        "enableSort": false

The saved custom columns will appear in investigation dashboard and you can enable or disable these columns similar to the built-in ones.

Incident Dashboard

In this section, you can add custom incident list columns by referencing the custom sections in the incident workspace.

This requires the input of ElementIDs, which are used to refer to activity and info activity in an incident form. These can be acquired by going to Advanced Settings > Incident Reports > Forms > Elements, ID column.

A maximum of 20 columns can be added. Use a comma , to separate each ElementID.

These columns can be enabled or disabled in the investigation dashboard, similar to the event dashboard columns.

Email Domain Whitelist

The Email Domain Whitelist is a list of approved email domains for adding new users. The domain of a user’s email address must be added in the email domain Whitelist for user creation.

Email domains must contain a top-level domain, and cannot contain the @ symbol.

For example:, the email domain is “”

You should set up your Email Domain Whitelist in the beginning of configuring the vSOC system.

Reader Note

If no email domains are added to the Email Domain Whitelist (i.e. the Email Domain Whitelist is empty), all domains are permitted.

Temporary Login Lock

In this setting, you can set the number of allowed login attempts for a user, and the lockout period when someone exceeds the number of failed attempts.

Edit the Setting of Each Site

Each Site has a default setting: 3 login attempts, and a lockout period of 120 minutes. You can view and edit each Site’s setting by navigating the Site dropdown menu.

Apply Settings to Site(s)

After configuring your setting, you can apply these settings to your Site by clicking on the Save button at top right, and/or other Sites (if you’re an MSSP).

  1. Click Apply to Sites.

A pop-up modal of Sites you can publish to will appear. The Site you are currently on will be selected by default.

  1. Choose Site(s) to publish the settings to.

  2. Click on

Save to confirm all changes.

Reader Note

When selecting Sites to apply settings to, if you deselect the current Site you’re on, the changes will not be applied there.

Enforce Password Policy

This setting lets you determine the number of unique new passwords you need to have associated with your account, before you can reuse an old password. You can additionally set a minimum and maximum password length.

SLA List

This is where you can add service-level agreement options in JSON format to be used in the SLA Task in the Playbook Editor. Options added in this configuration will become available options in the SLA Playbook Task.

SLA configuration in Application Settings

SLA Task in Incident Playbook

Web Config

Web Config provides you with all the global configuration fields that you can access and modify. Each setting has a detailed description to guide you through the configuration.

All changes here will apply to the entire system, across multiple Sites (for MSSPs).

Password expiration check

Reader Note

This feature is not enabled by default. Contact the D3 Security support team to enable the Password Expiration Check feature.

The password expiration check feature allows the system admin to set a password reset period. When enabled, users must reset their passwords within the specified period of time to ensure security. Every newly created user must reset their log-in password after enabling this feature.

Once this feature is enabled, the PasswordRestPeriod will show in the web config.

To set password reset period

  1. Navigate to Configuration

  2. Click on Application Settings tab

  3. Open the Web Config

  4. Set the number of days under the PasswordRestPeriod

E.g. PasswordResetPeriod: 365. The user must update the password after 365 days to log in to vSOC again.

If the password exceeds the set time, it will redirect every user to the Reset Password page upon login, to reset their password.

Reader Note

When updating vSOC from a version without this feature, the password reset time will be reset as well, with the counter beginning again on the day of the update.

Date/Time Format

Date/Time Format allows you to choose the format to display time and date in D3 SOAR. The chosen format option in this page will be applied as the system’s default date/time format.

You can also choose to override this default date/time format when configuring from a module in D3, or in Site Settings.

SMTP (Simple Mail Transfer Protocol) Server and Email

Configure the SMTP Details in order to send emails from the D3 platform.

Sorting Options

You can choose how the officer name list is sorted when creating or editing an Incident Report.

Master Instance Registration (Tenants Only)

Only accessible in tenant instances.

Connect a tenant instance with the master instance by generating a key. Copy the key to use when adding a tenant in the master instance. See multi-tenancy for more details on connecting a tenant.
Keys have expirations and will show their status. Each key can only be used once and will expire after 1 hour.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.