GitHub Repo

Enrichment Playbooks

Name SOAR App D3FEND Use Case
Attribute Lookup Dispatch Enrichment
Azure AD Graph User Attribute Lookup Azure AD Graph Enrichment
Splunk Attack Analyzer Dynamic Analysis Splunk Attack Analyzer Connector for Splunk SOAR D3-DA Enrichment Phishing Endpoint
Splunk Identifier Activity Analysis Splunk D3-IAA Enrichment
Identifier Activity Analysis Dispatch D3-IAA Enrichment
CrowdStrike OAuth API Identifier Activity Analysis CrowdStrike OAuth API D3-IAA Enrichment Endpoint
Identifier Reputation Analysis Dispatch D3-IRA Enrichment
CrowdStrike OAuth API Device Attribute Lookup CrowdStrike OAuth API Enrichment Endpoint
ServiceNow Related Tickets Search ServiceNow D3-IRA Enrichment
PhishTank URL Reputation Analysis PhishTank D3-IRA Enrichment Phishing
CrowdStrike OAuth API Endpoint Analysis CrowdStrike OAuth API D3-NTA D3-PA D3-AI Enrichment Malware Endpoint
CiscoTalosIntelligence Identifier Reputation Analysis Cisco Talos Intelligence D3-IRA Enrichment
Related Tickets Search Dispatch Enrichment
UrlScan IO Dynamic Analysis urlscan.io D3-DA Enrichment Phishing Endpoint
VirusTotal v3 Identifier Reputation Analysis VirusTotal v3 D3-IRA D3-URA D3-DNRA D3-IPRA D3-FHRA Enrichment
VirusTotal V3 Dynamic Analysis VirusTotal v3 D3-DA Enrichment Phishing Endpoint
Windows Defender ATP Identifier Activity Analysis Windows Defender ATP D3-IAA Enrichment Endpoint
AD LDAP Entity Attribute Lookup AD LDAP Enrichment
CrowdStrike OAuth API Dynamic Analysis CrowdStrike OAuth API D3-DA Enrichment Phishing Endpoint
Dynamic Analysis Dispatch D3-DA Enrichment Phishing Endpoint
Splunk Notable Related Tickets Search Splunk Enrichment