D3’s integration with ZeroFox brings automation and orchestration to ZeroFox’s AI-powered threat intelligence and digital risk protection capabilities. When ZeroFox finds threats against your brand, public-facing assets, customers, or employees, Smart SOAR jumps into action to investigate and coordinate an automation-powered response.
Brand impersonation alerts created by ZeroFox can be escalated to Smart SOAR for analysis and response. Smart SOAR strips out the elements of the alert, such as the URL, and checks them against integrated threat intelligence sources. If the URL is known to be malicious, Smart SOAR submits it to the firewall to be blocked, searches for emails containing the URL, and runs a phishing email sub-playbook. Smart SOAR can also search an integrated SIEM to find internal hosts that have connected to the URL and determine if any data was lost. Smart SOAR can orchestrate specific actions in ZeroFox, such as triggering a takedown request, adding the URL to a threat feed, assigning the incident to a user, and sending an email notification to that user.
By integrating Smart SOAR and ZeroFox, you can automatically enrich events from your detection tools with ZeroFox threat intelligence, as well as assess their criticality through additional data enrichment and MITRE ATT&CK matrix correlation. Smart SOAR can then trigger an automated response playbook based on the incident type that has been identified.
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.