D3 Cyber Incident Response Platform

3861

D3 Security Partner

App Support Tiers

OpenText SUPPORTED

Support via OpenText Software Support, with a ticket filed against the associated product.

PARTNER

OpenText offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by OpenText of the OpenText community.

OpenText COMMUNITY

OpenText Community Content is provided by OpenText for the benefit of customers, support for it is not available via OpenText Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by OpenText customers and supported by them.

EARLY ACCESS

Show less ...Show more

The downloads referenced under the "Cybersecurity Early Access" category are made available to subscribers to mitigate time-critical issues but have not undergone formal quality and performance testing associated with official OpenText/Cybersecurity product releases. OpenText has a multi-stage Quality Assurance process. During Stage 1 we conduct a resource analysis, field mapping, ensure content level 1 functionality and analysis in our sandbox environment. Stage 2 is a complete validation including production validation. This package has cleared Stage 1 validation and therefore should be deployed with the appropriate pre-production validation. OpenText strongly recommends that any downloaded content is first checked and tested thoroughly in a non-production environment before committing to production. We welcome feedback and, should any content be shown to be faulty, detrimental or carry an incorrect claim of authorship, we shall endeavor to remove or correct such content as promptly as reasonably possible once notified and validated.

D3 Security | Partner

The D3 Incident Response Platform provides SOAR (Security Orchestration, Automation, and Response) to organizations so they can efficiently manage cyberattacks, incident response, and compliance/privacy investigations.

189 downloads

Description

The D3 Incident Response Platform is the only SOAR tool that combines security orchestration with robust case management, in an intuitive, battle-tested, and highly scalable solution.

The platform combines security alerts from Micro Focus ArcSight ESM with threat intelligence and other products, in order to seamlessly automate the analysis and response process.

Users can respond with guided playbooks based on leading methodologies, which are fully or partially automated. D3's applet library features 200+ out-of-the-box integrations, while still allowing analysts to write and execute their own scripts. A visual playbook editor gives users a dynamic interface for building response processes, including for on-the-fly scenarios.

Robust case management and collaboration system serve to streamline and automate the compliance, audit, and privacy management obligations related to cyberattacks and security incidents. Unlike any other product, D3 automates both the security and compliance/documentation requirements; enabling truly 'full-lifecycle' incident management.

Detection-to-Remediation Use-Case

The combination of Micro Focus ArcSight ESM and D3 provides advanced threat detection with efficient workflows and playbooks. Analysts can seamlessly move from detection, through analysis, and remediation within a single platform.

Triggered events can be analyzed and escalated to incidents at the point of detection
Apply threat specific playbooks to incidents for consistent and efficient steps of investigation providing the analyst with instant access to industry best practices
Automated workflows increase the speed at which remediation can take place by automatically notifying team members of assignments that need to be completed
Structured and consistent logging of the incidents means the “lessons learned” process has the necessary information available and SOC can easily adjust their processes and procedures

Incident-to-Investigation Use-Cases

The ability to correlate events and IP addresses in Micro Focus ArcSight ESM with previously pushed incidents and cases in D3 provide investigators with powerful tools to look for persistent threats and threat actors.

Search Event IP addresses and correlate with existing incidents allowing the analyst to see attack patterns
Analyze these patterns within previous incidents giving the analyst further insight into what attack vectors could be exploited
Investigate the attack vectors and find what vulnerabilities exist within these vectors
Remediate the vulnerabilities and log post-incident findings for improved response on future attacks