| AWS Disable User Accounts |
AWS IAM |
Response |
| AWS Find Inactive Users |
AWS IAM, Phantom |
Investigation |
| Active Directory Reset password |
LDAP |
Response |
| Block Indicators |
Palo Alto Networks Firewall, CarbonBlack Response, OpenDNS Umbrella |
Response |
| Crowdstrike Malware Triage |
Crowdstrike OAuth |
Response |
| Delete Detected Files |
Windows Remote Management |
Response |
| Email Notification for Malware |
VirusTotal, WildFire, CarbonBlack Response, SMTP |
Response |
| Hunting |
Splunk, Reversing Labs, CarbonBlack Response, Threat Grid, Falcon Host API |
Investigation |
| Internal Host SSH Investigate |
SSH |
Investigation |
| Internal Host SSH Log4j Investigate |
SSH |
Investigation |
| Internal Host SSH Log4j Response |
SSH |
Response |
| Internal Host WinRM Investigate |
Windows Remote Management |
Investigation |
| Internal Host WinRM Log4j Investigate |
Windows Remote Management |
Investigation |
| Internal Host WinRM Response |
Windows Remote Management |
Response |
| Log4j Investigate |
None |
Investigation |
| Log4j Respond |
None |
Response |
| Log4j Splunk Investigation |
Splunk |
Investigation |
| Malware Hunt and Contain |
LDAP, ServiceNow, CarbonBlack Response, VirusTotal |
Response |
| Ransomware Investigate and Contain |
Carbon Black Response, LDAP, Palo Alto Networks Firewall, WildFire, Cylance |
Response |
| Risk Notable Block Indicators |
None |
Response |
| Risk Notable Enrich |
None |
Investigation |
| Risk Notable Import Data |
Splunk |
Investigation |
| Risk Notable Investigate |
None |
Investigation |
| Risk Notable Merge Events |
None |
Investigation |
| Risk Notable Mitigate |
None |
Response |
| Risk Notable Preprocess |
Splunk |
Investigation |
| Risk Notable Protect Assets and Users |
None |
Response |
| Risk Notable Review Indicators |
None |
Response |
| Risk Notable Verdict |
None |
Response |
| Start Investigation |
None |
Investigation |
| Threat Intel Investigate |
None |
Investigation |
| TruSTAR Enrich Indicators |
TruSTAR |
Investigation |