Playbooks

| Name | Detections | Type |
|---|---|---|
| Active Directory Reset password | None | Response |
| Block Indicators | None | Response |
| Crowdstrike Malware Triage | None | Response |
| Delete Detected Files | Executable File Written in Administrative SMB Share | Response |
| Email Notification for Malware | None | Response |
| Internal Host SSH Investigate | None | Investigation |
| Internal Host SSH Log4j Investigate | None | Investigation |
| Internal Host SSH Log4j Response | None | Response |
| Internal Host WinRM Investigate | None | Investigation |
| Internal Host WinRM Log4j Investigate | None | Investigation |
| Internal Host WinRM Response | None | Investigation |
| Log4j Investigate | Curl Download and Bash Execution; Wget Download and Bash Execution; Linux Java Spawning Shell; Java Class File download by Java User Agent; Outbound Network Connection from Java Using Default Ports; Log4Shell JNDI Payload Injection Attempt; Log4Shell JNDI Payload Injection with Outbound Connection; Detect Outbound LDAP Traffic | Investigation |
| Log4j Respond | Curl Download and Bash Execution; Wget Download and Bash Execution; Linux Java Spawning Shell; Java Class File download by Java User Agent; Outbound Network Connection from Java Using Default Ports; Log4Shell JNDI Payload Injection Attempt; Log4Shell JNDI Payload Injection with Outbound Connection; Detect Outbound LDAP Traffic | Response |
| Log4j Splunk Investigation | None | Investigation |
| Malware Hunt and Contain | None | Response |
| Ransomware Investigate and Contain | Conti Common Exec parameter | Response |
| Risk Notable Block Indicators | None | Response |
| Risk Notable Enrich | None | Investigation |
| Risk Notable Import Data | None | Investigation |
| Risk Notable Investigate | None | Investigation |
| Risk Notable Merge Events | None | Investigation |
| Risk Notable Mitigate | None | Response |
| Risk Notable Preprocess | None | Investigation |
| Risk Notable Protect Assets and Users | None | Response |
| Risk Notable Review Indicators | None | Response |
| Risk Notable Verdict | None | Response |