Home Dashboard
LAST UPDATED: OCT 21, 2024
Introduction
The Home Configuration Dashboard serves as a hub for configuring D3 SOAR, providing users with tools and guidance for setting up integrations, data ingestion, playbooks, and other key components.
Top Section: Walkthrough Wizard
The Walkthrough Wizard contains a brief instructional video on general data flow. The wizard guides users through five steps:
Select Integration
This step explains that D3 SOAR integrates with external systems and connects them to the Playbook Engine, facilitating data exchange and command execution. Users can explore hundreds of out-of-the-box integrations through the following options:
Browse: Redirects to the Integrations page, where users can view integrations categorized into 18 types (e.g., Analytics, Email & Messaging, and SIEM & XDR).
Search: Opens a popup for alphanumeric searching of integrations.
Create: Allows users to create new integrations, prompting for a name, category, and description, then redirects to the specific integration configuration page.
Setup Connection
A connection links D3 SOAR with a third-party application, enabling data ingestion, integration commands, and remote operations. Options include:
Browse: Redirects to the Connections page.
Search: Opens a searchable integration list.
Event Webhook/Incident Webhook: Allows users to set up webhooks by searching for integrations and configuring Fetch Event or Fetch Incident commands.
Deploy Data Ingestion
Users can retrieve cybersecurity alerts from third-party applications, converting them into D3 Events for data preprocessing or D3 Incidents for response actions. Options include:
Fetch Event/Fetch Incident: Opens a popup for integration search, redirecting to the respective Event or Incident Intake tab within the Data Ingestion module. If unavailable, the form will be empty.
Apply Data Normalization
This step guides users in mapping fields extracted from events or incidents to the D3 Data Model or custom fields. Options include:
View Event Mapping and View Incident Mapping: Redirects to the Data Ingestion module for field mapping.
Build Playbooks
Users can configure event and incident playbooks for data triage and response actions. Options include:
Browse Event/Incident Playbooks: Redirects to the respective Playbooks module.
Create Event/Incident Playbook: Prompts for a playbook name and redirects to the newly created playbook, where users can build it via a drag-and-drop editor and configure playbook tasks.
Bottom Section: Operations Hub
This section provides direct access to configuration tasks and management features.
Users: Options include adding a user, importing users, or viewing all users. These links redirect to Organization Management > Users.
Integrations: Displays configured and featured integrations. Hovering over any integration displays a tooltip with an introduction. Clicking the Add an Integration link redirects users to the Integrations module with the Add Integration form.
Incident Playbooks: Clicking on the Add an Incident Playbook link renders a popup that prompts users to name a new incident playbook and redirects them to configure it. The Search Incident Playbook link opens a popup to search available playbooks, while Import Incident Playbooks takes users to the module where they can import a playbook from an XML file.
Event Playbooks: Similar to incident playbooks, users can add, search, or import event playbooks via the Event Playbooks module.
Connections: The Add an Integration Connection and View Integration Connections links redirect users to the Integration Connections tab in the Connections module. The View Webhook Keys link takes users to the Webhook Keys tab.
Data Ingestion: The View Event Intakes, Add Event Ingestion Schedule, and Add Event Ingestion Webhook Key links redirect users to the Event Intake tab in the Data Ingestion module. The View Incident Intakes, Add Incident Ingestion Schedule, and Add Incident Ingestion Webhook Key links take users to the Incident Intake tab within the same module.
Schedules: Users can add schedules with integration or utility commands, or search schedules via the Schedules module.
Event Automation Rules: The Browse Event Automation Rules link directs users to the Event Automation Rules module, while the Add an Event Automation Rule link also redirects users to the same module, opening the Add Automation Rule popup form for configuring dismissal or escalation rules.
Utility Commands: The Search Utility Commands link directs users to the Utility Commands module, while the Add a Utility Command link also redirects users to the same module, opening the Add Command popup form for creating a Python or Codeless Playbook.
Custom Incident Forms: The Search Custom Incident Forms and Add a Custom Incident Form links direct users to the Incident Form Editor module, with the latter opening the New Incident Form popup for users to enter the name and description of the custom incident type.
Global List: Options include searching or creating global lists, which redirect to the Global List module.
Artifact Types: The Search Artifact Types and Add an Artifact Type links direct users to the Artifacts module, with the latter opening the New Artifact Type popup for defining a new artifact. The Add an Artifact Relationship link opens the Relationship popup for configuring relationships between artifacts, while the Browse Artifact Relationships link navigates to the Relationships panel to view existing artifact relationships.
Agent Management: The Download Windows Agent link initiates the download of the D3PlaybookAgentInstaller<version>.zip file. The Generate Windows Security Token link opens the Agent Management module, displaying the Generate Security Token popup for site selection and token generation. The Linux Agent Installation Guide link directs users to the documentation for installing the Proxy Agent on Linux.
Group Management: Redirects users to Organization Management > Groups.
Role Management: Redirects users to Organization Management > Roles.
Site Management: Redirects users to Organization Management > Sites.
Application Settings: Redirects users to the Application Settings module.