How Smart SOAR Integrates with SIEMs

Reports of the death of the SIEM have been greatly exaggerated. Despite all the noise around XDR platforms, EDR tools, and other newer solutions, a SIEM is still the linchpin of most enterprise and MSSP SOCs. While next-generation SOAR tools like D3 Smart SOAR work just as well alongside other tools, any SOAR tool worth its salt should integrate flawlessly with your SIEM.

That doesn’t mean just offering a few basic integrations. Fully meeting customers’ SIEM integration needs requires:

  • Integrating well with every SIEM you might use
  • Feature-rich, bidirectional integrations
  • Integrating with cloud SIEMs as well as on-premise SIEMs
  • Supporting multi-SIEM environments
  • Supporting MSSP as well as enterprise use cases
  • An effective process for triaging and responding to SIEM events once they are ingested

Thanks to our powerful technology and status as an independent vendor, D3 can meet all of these criteria for our customers. In this blog, we’ll look at our major SIEM integrations and explain how innovations like the D3 Event Pipeline transform what SOC teams can do with a SIEM-SOAR integration.

With What SIEMs Does D3 XGEN SOAR Integrate?

The D3 Smart SOAR tool offers out-of-the-box codeless integrations with every major SIEM, as well as some that are less well known. We’re confident that we have the SIEM integration that you need, and if we don’t, we can easily create a custom connector for you. Here’s a non-exhaustive list of our SIEM integrations, along with some brief descriptions of a few of the most important ones.

Splunk Enterprise Security

D3’s integration with Splunk boasts more than a dozen actions. These include the basics, of course, such as ingesting events and querying Splunk for information. There are also advanced actions, such as managing Splunk’s repository of threat intelligence from D3’s playbooks.

Read more about D3’s integration with Splunk.

IBM Security QRadar SIEM

D3 has a deep integration with QRadar that has more than 20 actions. This integration is truly bidirectional, allowing D3 users to update the status of offenses in QRadar by adding elements and notes, closing offenses, and managing reference sets.

Read more about D3’s IBM integrations.

McAfee ESM

D3’s integration with McAfee enables more than 20 automated actions. In addition to querying McAfee logs and ingesting alarms, users can manage their McAfee watchlists from the D3 interface.

Read more about D3’s integrations with McAfee tools.

Microsoft Azure Sentinel

D3 is a member of the Microsoft Intelligent Security Association (MISA) on the strength of our integrations with tools like Azure Sentinel. D3 ingests alerts from Azure Sentinel and can query information from the platform in various forms. Users can also update incident comments and statuses from D3 playbooks.

Read more about D3’s Microsoft integrations.

D3 Smart SOAR Integrations with SIEM

Our integrations include, but aren’t limited to, the following SIEM tools (and tools that some organizations use instead of a SIEM):
