{"id":112794,"date":"2022-05-03T09:00:00","date_gmt":"2022-05-03T16:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=112794"},"modified":"2023-05-15T22:58:34","modified_gmt":"2023-05-16T05:58:34","slug":"automating-your-microsoft-security-suite-with-d3-smart-soar","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/05\/03\/automating-your-microsoft-security-suite-with-d3-smart-soar\/","title":{"rendered":"Automating your Microsoft security suite with D3 Smart SOAR \u00a0"},"content":{"rendered":"\n

Updated 3/31/2023: Since this blog was originally published, D3 Security changed the name of XGEN SOAR to Smart SOAR. This blog has been updated to reflect the new product name.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

There are certain pain points in the average security operations center (SOC) that, no matter what else changes in the security landscape, stay among the most entrenched problems. You can probably name them off the top of your head: an overwhelming amount of security alerts; the ongoing shortage of skilled cybersecurity professionals; the inability to detect and respond to increasingly sophisticated attacks; and the proliferation of tools (76 in the average enterprise SOC) that do not always work well together.[1] But these challenges have something else in common other than being the primary causes of headaches among security pros: they are all alleviated by security orchestration, automation, and response—better known as SOAR.[2] Learn how D3 Security’s Smart SOAR integrates with Microsoft Sentinel and hundreds of other tools to help customers overcome SOC analyst fatigue and disparate toolsets in this blog post.

What is SOAR?

Let’s start with the basics. SOAR is a category of powerful tools that integrate with other security systems, such as security information and event management (SIEM), endpoint detection and response (EDR), and firewalls, to ingest alerts, enrich them with contextual intelligence, and orchestrate remediation actions across the environment. SOAR tools use playbooks to automate and codify workflows to accelerate mean time to respond (MTTR) and standardize responses to common incident types.

D3 Smart SOAR is a fully vendor-agnostic SOAR solution, which means it can maintain dozens of deep integrations with Microsoft tools—including Sentinel—and bring automation to security workflows in any environment.

How Microsoft Sentinel customers use D3’s Event Pipeline to stay focused on real threats

What does integrating D3 Smart SOAR with Microsoft tools mean for customers? Let’s take one narrow example and look at how D3’s Event Pipeline—a unique offering among SOAR platforms—acts on Microsoft Sentinel events to make the lives of security analysts much easier.[3]

D3 ingests Microsoft Sentinel events for investigation and response. But as any SIEM operator knows, it is a delicate balance to configure your SIEM, and other alert-generating tools, so that you are capturing all the important incidents without an overwhelming amount of noise. That’s where D3’s Event Pipeline comes in.

\"The<\/figure>\n\n\n\n

When a Microsoft Sentinel event comes into D3, it goes through the Event Pipeline, a global automated playbook that acts on every incoming event or alert from a detection tool. The Event Pipeline works in three stages: