| AD LDAP Account Locking | AD LDAP | D3-AL | Phishing, Endpoint |
| AD LDAP Account Unlocking | AD LDAP | | |
| AD LDAP Entity Attribute Lookup | AD LDAP | | Enrichment |
| AWS IAM Account Locking | AWS IAM | D3-AL | Phishing, Endpoint |
| AWS IAM Account Unlocking | AWS IAM | D3-RUAA | |
| Active Directory Disable Account Dispatch | AD LDAP, Azure AD Graph | D3-AL | Phishing, Endpoint |
| Active Directory Enable Account Dispatch | AD LDAP, Azure AD Graph, AWS IAM | | |
| Attribute Lookup Dispatch | | | Enrichment |
| Automated Enrichment | | | |
| Azure AD Account Locking | Azure AD Graph | D3-AL | Phishing, Endpoint |
| Azure AD Account Unlocking | Azure AD Graph | D3-RUAA | |
| Azure AD Graph User Attribute Lookup | Azure AD Graph | | Enrichment |
| Cisco Umbrella DNS Denylisting | Cisco Umbrella | D3-DNSDL | Phishing, Endpoint |
| CrowdStrike OAuth API Device Attribute Lookup | CrowdStrike OAuth API | | Enrichment, Endpoint |
| CrowdStrike OAuth API Dynamic Analysis | CrowdStrike OAuth API | D3-DA | Enrichment, Phishing, Endpoint |
| CrowdStrike OAuth API Identifier Activity Analysis | CrowdStrike OAuth API | D3-IAA | Enrichment, Endpoint |
| DNS Denylisting Dispatch | | D3-DNSDL | Phishing, Endpoint |
| Dynamic Analysis Dispatch | | D3-DA | Enrichment, Phishing, Endpoint |
| G Suite for GMail Message Identifier Activity Analysis | G Suite for GMail | D3-IAA | Phishing |
| G Suite for Gmail Message Eviction | G Suite for GMail | D3-ER | Phishing |
| G Suite for Gmail Search and Purge | G Suite for GMail | D3-ER, D3-IAA | Phishing |
| Identifier Activity Analysis Dispatch | | D3-IAA | Enrichment |
| Identifier Reputation Analysis Dispatch | | D3-IRA | Enrichment |
| Jira Related Tickets Search | Jira | D3-IRA | |
| MS Graph for Office 365 Message Eviction | MS Graph for Office 365 | D3-ER | Phishing |
| MS Graph for Office 365 Message Identifier Activity Analysis | MS Graph for Office 365 | D3-IAA | Phishing |
| MS Graph for Office 365 Message Restore | MS Graph for Office 365 | D3-RE | Phishing |
| MS Graph for Office 365 Search and Purge | MS Graph for Office 365 | D3-ER, D3-IAA | Phishing |
| MS Graph for Office 365 Search and Restore | MS Graph for Office 365 | D3-RE | Phishing |
| Panorama Outbound Traffic Filtering | Panorama | D3-OTF | Phishing, Endpoint |
| PhishTank URL Reputation Analysis | PhishTank | D3-IRA | Enrichment, Phishing |
| Related Tickets Search Dispatch | | | Enrichment |
| ServiceNow Related Tickets Search | ServiceNow | D3-IRA | Enrichment |
| Splunk Attack Analyzer Dynamic Analysis | Splunk Attack Analyzer Connector for Splunk SOAR | D3-DA | Enrichment, Phishing, Endpoint |
| Splunk Automated Email Investigation | | D3-DA, D3-SRA | Phishing |
| Splunk Identifier Activity Analysis | Splunk | D3-IAA | Enrichment |
| Splunk Message Identifier Activity Analysis | Splunk | D3-IAA | Phishing |
| Splunk Notable Related Tickets Search | Splunk | | Enrichment |
| URL Outbound Traffic Filtering Dispatch | | D3-OTF | Phishing, Endpoint |
| UrlScan IO Dynamic Analysis | urlscan.io | D3-DA | Enrichment, Phishing, Endpoint |
| VirusTotal V3 Dynamic Analysis | VirusTotal v3 | D3-DA | Enrichment, Phishing, Endpoint |
| VirusTotal v3 Identifier Reputation Analysis | VirusTotal v3 | D3-IRA, D3-URA, D3-DNRA, D3-IPRA, D3-FHRA | Enrichment |
| Windows Defender ATP Identifier Activity Analysis | Windows Defender ATP | D3-IAA | Enrichment, Endpoint |
| ZScaler Outbound Traffic Filtering | Zscaler | D3-OTF | Phishing, Endpoint |
| ActiveDirectory Reset password | AD LDAP | | |
| AWS Disable User Accounts | AWS IAM | | |
| AWS Find Inactive Users | AWS IAM, Phantom | | |
| Block Indicators | Palo Alto Networks Firewall, Carbon Black Response, Cisco Umbrella | | |
| Crowdstrike Malware Triage | CrowdStrike OAuth API | | |
| Delete Detected Files | Windows Remote Management | | |
| Email Notification for Malware | VirusTotal, WildFire, Carbon Black Response, SMTP | | |
| Hunting | Splunk, Reversing Labs, Carbon Black Response, Threat Grid, Falcon Host API | | |
| Internal Host Splunk Investigate log4j | Splunk | | |
| Internal Host SSH Investigate | SSH | | |
| Internal Host SSH Log4j Investigate | SSH | | |
| Internal Host SSH Log4j Respond | SSH | | |
| Internal Host WinRM Investigate | Windows Remote Management | | |
| Internal Host WinRM Log4j Investigate | Windows Remote Management | | |
| Internal Host WinRM log4j Respond | Windows Remote Management | | |
| Log4j Investigate | | | |
| Log4j Respond | | | |
| Malware Hunt and Contain | LDAP, ServiceNow, Carbon Black Response, VirusTotal | | |
| Ransomware Investigate and Contain | Carbon Black Response, LDAP, Palo Alto Networks Firewall, WildFire, Cylance | | |
| Risk Notable Block Indicators | | | |
| Risk Notable Enrich | | | |
| Risk Notable Import Data | Splunk | | |
| Risk Notable Investigate | | | |
| Risk Notable Merge Events | | | |
| Risk Notable Mitigate | | | |
| Risk Notable Preprocess | Splunk | | |
| Risk Notable Protect Assets and Users | | | |
| Risk Notable Review Indicators | | | |
| Risk Notable Verdict | | | |
| Start Investigation | | | |
| Threat Intel Investigate | | | |
| TruSTAR Enrich Indicators | TruSTAR | | |