Description

The D3 Incident Response Platform is the only SOAR tool that combines security orchestration with robust case management, in an intuitive, battle-tested, and highly scalable solution.

The platform combines security alerts from Micro Focus ArcSight ESM with threat intelligence and other products, in order to seamlessly automate the analysis and response process.

Users can respond with guided playbooks based on leading methodologies, which are fully or partially automated. D3's applet library features 200+ out-of-the-box integrations, while still allowing analysts to write and execute their own scripts. A visual playbook editor gives users a dynamic interface for building response processes, including for on-the-fly scenarios.

Robust case management and collaboration system serve to streamline and automate the compliance, audit, and privacy management obligations related to cyberattacks and security incidents. Unlike any other product, D3 automates both the security and compliance/documentation requirements; enabling truly 'full-lifecycle' incident management.

Detection-to-Remediation Use-Case

The combination of Micro Focus ArcSight ESM and D3 provides advanced threat detection with efficient workflows and playbooks. Analysts can seamlessly move from detection, through analysis, and remediation within a single platform.

  • Triggered events can be analyzed and escalated to incidents at the point of detection
  • Apply threat specific playbooks to incidents for consistent and efficient steps of investigation providing the analyst with instant access to industry best practices
  • Automated workflows increase the speed at which remediation can take place by automatically notifying team members of assignments that need to be completed
  • Structured and consistent logging of the incidents means the “lessons learned” process has the necessary information available and SOC can easily adjust their processes and procedures

Incident-to-Investigation Use-Cases

The ability to correlate events and IP addresses in Micro Focus ArcSight ESM with previously pushed incidents and cases in D3 provide investigators with powerful tools to look for persistent threats and threat actors.

  • Search Event IP addresses and correlate with existing incidents allowing the analyst to see attack patterns
  • Analyze these patterns within previous incidents giving the analyst further insight into what attack vectors could be exploited
  • Investigate the attack vectors and find what vulnerabilities exist within these vectors
  • Remediate the vulnerabilities and log post-incident findings for improved response on future attacks

Suggested apps

Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.

Releases

Release
Size
Date
D3 Incident Response Platform - Micro Focus CEF Integration 10.0
628.0 KB
  |  
Aug 22, 2018
More info Less info
Product compatibility
Version 7.0 · 7.2
Release notes

CEF Integration Guide 

Languages
English

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.

Marketplace Terms of Service

In order to continue, you must accept the updated Marketplace Terms of Service
Since you are downloading an app from the OpenText Marketplace, you need to accept the updated Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.


Your download has begun...

Your download has begun

Related content and resources

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2024-9-1-6238 | Tue Sep 24 21:38:49 PDT 2024