| Playbook | Apps | Type |
|---|---|---|
| AWS Disable User Accounts | AWS IAM | Response |
| AWS Find Inactive Users | AWS IAM, Phantom | Investigation |
| Active Directory Reset password | LDAP | Response |
| Block Indicators | Palo Alto Networks Firewall, CarbonBlack Response, OpenDNS Umbrella | Response |
| Crowdstrike Malware Triage | Crowdstrike OAuth | Response |
| Delete Detected Files | Windows Remote Management | Response |
| Email Notification for Malware | VirusTotal, WildFire, CarbonBlack Response, SMTP | Response |
| Hunting | Splunk, Reversing Labs, CarbonBlack Response, Threat Grid, Falcon Host API | Investigation |
| Internal Host SSH Investigate | SSH | Investigation |
| Internal Host SSH Log4j Investigate | SSH | Investigation |
| Internal Host SSH Log4j Response | SSH | Response |
| Internal Host WinRM Investigate | Windows Remote Management | Investigation |
| Internal Host WinRM Log4j Investigate | Windows Remote Management | Investigation |
| Internal Host WinRM Response | Windows Remote Management | Response |
| Log4j Investigate | None | Investigation |
| Log4j Respond | None | Response |
| Log4j Splunk Investigation | Splunk | Investigation |
| Malware Hunt and Contain | LDAP, ServiceNow, CarbonBlack Response, VirusTotal | Response |
| Ransomware Investigate and Contain | Carbon Black Response, LDAP, Palo Alto Networks Firewall, WildFire, Cylance | Response |
| Risk Notable Block Indicators | None | Response |
| Risk Notable Enrich | None | Investigation |
| Risk Notable Import Data | Splunk | Investigation |
| Risk Notable Investigate | None | Investigation |
| Risk Notable Merge Events | None | Investigation |
| Risk Notable Mitigate | None | Response |
| Risk Notable Preprocess | Splunk | Investigation |
| Risk Notable Protect Assets and Users | None | Response |
| Risk Notable Review Indicators | None | Response |
| Risk Notable Verdict | None | Response |
| Start Investigation | None | Investigation |
| Threat Intel Investigate | None | Investigation |
| TruSTAR Enrich Indicators | TruSTAR | Investigation |