Playbooks

Name                                    SOAR App                                                                      Type
-----------------------------------------------------------------------------------------------------------------------------------
AWS Disable User Accounts               AWS IAM                                                                       Response
AWS Find Inactive Users                 AWS IAM, Phantom                                                              Investigation
Active Directory Reset password         LDAP                                                                          Response
Block Indicators                        Palo Alto Networks Firewall, CarbonBlack Response, OpenDNS Umbrella           Response
Crowdstrike Malware Triage              Crowdstrike OAuth                                                             Response
Delete Detected Files                   Windows Remote Management                                                     Response
Email Notification for Malware          VirusTotal, WildFire, CarbonBlack Response, SMTP                              Response
Hunting                                 Splunk, Reversing Labs, CarbonBlack Response, Threat Grid, Falcon Host API    Investigation
Internal Host SSH Investigate           SSH                                                                           Investigation
Internal Host SSH Log4j Investigate     SSH                                                                           Investigation
Internal Host SSH Log4j Response        SSH                                                                           Response
Internal Host WinRM Investigate         Windows Remote Management                                                     Investigation
Internal Host WinRM Log4j Investigate   Windows Remote Management                                                     Investigation
Internal Host WinRM Response            Windows Remote Management                                                     Response
Log4j Investigate                       None                                                                          Investigation
Log4j Respond                           None                                                                          Response
Log4j Splunk Investigation              Splunk                                                                        Investigation
Malware Hunt and Contain                LDAP, ServiceNow, CarbonBlack Response, VirusTotal                            Response
Ransomware Investigate and Contain      Carbon Black Response, LDAP, Palo Alto Networks Firewall, WildFire, Cylance   Response
Risk Notable Block Indicators           None                                                                          Response
Risk Notable Enrich                     None                                                                          Investigation
Risk Notable Import Data                Splunk                                                                        Investigation
Risk Notable Investigate                None                                                                          Investigation
Risk Notable Merge Events               None                                                                          Investigation
Risk Notable Mitigate                   None                                                                          Response
Risk Notable Preprocess                 Splunk                                                                        Investigation
Risk Notable Protect Assets and Users   None                                                                          Response
Risk Notable Review Indicators          None                                                                          Response
Risk Notable Verdict                    None                                                                          Response
Start Investigation                     None                                                                          Investigation
Threat Intel Investigate                None                                                                          Investigation
TruSTAR Enrich Indicators               TruSTAR                                                                       Investigation