Getting Started
LAST UPDATED JAN 6, 2024
D3 SOAR
Master the essentials of D3 SOAR: multi-tenancy, access control, integration configuration, playbook creation, data ingestion, and a glossary of platform terminology.
Getting Started with the D3 Platform
Welcome. This section of the documentation is designed to guide users through the initial setup process. The core objectives for enabling users to use and customize the platform are:
- Provision access for team members with the appropriate permissions.
- Set up two playbooks to assist with investigations.
- Configure data ingestion to enable security alerts to flow into the platform.
To support these core objectives, the getting started section is divided into sequential parts, each building on the previous one:
Setting Up Sites
D3 logically separates business units across sites, each operating independently with isolated data, workflows, and configurations.
Setting Up Access Controls
Before inviting users, roles and groups must be created with appropriate permissions.
Creating Users
Once sites, roles and groups are configured, users can be invited to the platform. During the invitation process, users are assigned a role, along with groups and sites.
Configuring an Integration
To enable data ingestion, a connection with a data source must first be established.
Creating the First Playbook
D3 supports two tiers of playbooks: one triggered upon data ingestion and another triggered upon escalation. This section focuses on creating a playbook that triggers when events are escalated into incidents.
Creating the Second Playbook
This section provides instructions for creating a playbook that triggers upon data ingestion. The primary purpose of this playbook is to dismiss events or escalate them into incidents, and to trigger the playbook from the previous step.
Configuring Data Ingestion
With the data source connection established and playbooks configured, data ingestion can be activated. The section concludes with security events being streamed into the D3 platform. Automated playbooks will process these events, and teams will use the incident workspace (customizable via the incident workspace builder) as needed to manage and respond to security incidents.