AD LDAP Account Locking |
AD LDAP |
Account Locking |
Phishing, Endpoint |
AD LDAP Entity Attribute Lookup |
AD LDAP |
|
Enrichment |
AWS Find Inactive Users |
AWS IAM, Phantom |
|
|
AWS IAM Account Locking |
AWS IAM |
Account Locking |
Phishing, Endpoint |
Active Directory Disable Account Dispatch |
AD LDAP, Azure AD Graph |
Account Locking |
Phishing, Endpoint |
Attribute Lookup Dispatch |
|
|
Enrichment |
Automated Enrichment |
|
|
|
Azure AD Account Locking |
Azure AD Graph |
Account Locking |
Phishing, Endpoint |
Azure AD Graph User Attribute Lookup |
Azure AD Graph |
|
Enrichment |
CrowdStrike OAuth API Device Attribute Lookup |
CrowdStrike OAuth API |
|
Enrichment, Endpoint |
CrowdStrike OAuth API Dynamic Analysis |
CrowdStrike OAuth API |
Dynamic Analysis |
Enrichment, Phishing, Endpoint |
CrowdStrike OAuth API Identifier Activity Analysis |
CrowdStrike OAuth API |
Identifier Activity Analysis |
Enrichment, Endpoint |
Dynamic Analysis Dispatch |
|
Dynamic Analysis |
Enrichment, Phishing, Endpoint |
G Suite for GMail Message Identifier Activity Analysis |
G Suite for GMail |
Identifier Activity Analysis |
Phishing |
Hunting |
Splunk, Reversing Labs, Carbon Black Response, Threat Grid, Falcon Host API |
|
|
Identifier Activity Analysis Dispatch |
|
Identifier Activity Analysis |
Enrichment |
Identifier Reputation Analysis Dispatch |
|
Identifier Reputation Analysis |
Enrichment |
Internal Host SSH Investigate |
SSH |
|
|
Internal Host SSH Log4j Investigate |
SSH |
|
|
Internal Host Splunk Investigate log4j |
Splunk |
|
|
Internal Host WinRM Investigate |
Windows Remote Management |
|
|
Internal Host WinRM Log4j Investigate |
Windows Remote Management |
|
|
Jira Related Tickets Search |
Jira |
Identifier Reputation Analysis |
|
Log4j Investigate |
|
|
|
MS Graph for Office 365 Message Identifier Activity Analysis |
MS Graph for Office 365 |
Identifier Activity Analysis |
Phishing |
PhishTank URL Reputation Analysis |
PhishTank |
Identifier Reputation Analysis |
Enrichment, Phishing |
Related Tickets Search Dispatch |
|
|
Enrichment |
Risk Notable Enrich |
|
|
|
Risk Notable Import Data |
Splunk |
|
|
Risk Notable Investigate |
|
|
|
Risk Notable Merge Events |
|
|
|
Risk Notable Preprocess |
Splunk |
|
|
ServiceNow Related Tickets Search |
ServiceNow |
Identifier Reputation Analysis |
Enrichment |
Splunk Attack Analyzer Dynamic Analysis |
Splunk Attack Analyzer Connector for Splunk SOAR |
Dynamic Analysis |
Enrichment, Phishing, Endpoint |
Splunk Automated Email Investigation |
|
Dynamic Analysis, Sender Reputation Analysis |
Phishing |
Splunk Identifier Activity Analysis |
Splunk |
Identifier Activity Analysis |
Enrichment |
Splunk Message Identifier Activity Analysis |
Splunk |
Identifier Activity Analysis |
Phishing |
Splunk Notable Related Tickets Search |
Splunk |
|
Enrichment |
Start Investigation |
|
|
|
Threat Intel Investigate |
|
|
|
TruSTAR Enrich Indicators |
TruSTAR |
|
|
UrlScan IO Dynamic Analysis |
urlscan.io |
Dynamic Analysis |
Enrichment, Phishing, Endpoint |
VirusTotal V3 Dynamic Analysis |
VirusTotal v3 |
Dynamic Analysis |
Enrichment, Phishing, Endpoint |
VirusTotal v3 Identifier Reputation Analysis |
VirusTotal v3 |
Identifier Reputation Analysis, URL Reputation Analysis, Domain Name Reputation Analysis, IP Reputation Analysis, File Hash Reputation Analysis |
Enrichment |
Windows Defender ATP Identifier Activity Analysis |
Windows Defender ATP |
Identifier Activity Analysis |
Enrichment, Endpoint |