Response

| Name | SOAR App | D3FEND | Use Case |
| --- | --- | --- | --- |
| AD LDAP Account Unlocking | AD LDAP | | |
| AWS Disable User Accounts | AWS IAM | | |
| AWS IAM Account Unlocking | AWS IAM | Restore User Account Access | |
| Active Directory Enable Account Dispatch | AD LDAP, Azure AD Graph, AWS IAM | | |
| Active Directory Reset password | AD LDAP | | |
| Azure AD Account Unlocking | Azure AD Graph | Restore User Account Access | |
| Block Indicators | Palo Alto Networks Firewall, Carbon Black Response, Cisco Umbrella | | |
| Cisco Umbrella DNS Denylisting | Cisco Umbrella | DNS Denylisting | Phishing, Endpoint |
| Crowdstrike Malware Triage | CrowdStrike OAuth API | | |
| DNS Denylisting Dispatch | | DNS Denylisting | Phishing, Endpoint |
| Delete Detected Files | Windows Remote Management | | |
| Email Notification for Malware | VirusTotal, WildFire, Carbon Black Response, SMTP | | |
| G Suite for Gmail Message Eviction | G Suite for GMail | Email Removal | Phishing |
| G Suite for Gmail Search and Purge | G Suite for GMail | Email Removal, Identifier Activity Analysis | Phishing |
| Internal Host SSH Log4j Response | SSH | | |
| Internal Host WinRM Response | Windows Remote Management | | |
| Log4j Respond | | | |
| MS Graph for Office 365 Message Eviction | MS Graph for Office 365 | Email Removal | Phishing |
| MS Graph for Office 365 Message Restore | MS Graph for Office 365 | Restore Email | Phishing |
| MS Graph for Office365 Search and Purge | MS Graph for Office 365 | Email Removal, Identifier Activity Analysis | Phishing |
| MS Graph for Office365 Search and Restore | MS Graph for Office 365 | Restore Email | Phishing |
| Malware Hunt and Contain | LDAP, ServiceNow, Carbon Black Response, VirusTotal | | |
| Panorama Outbound Traffic Filtering | Panorama | Outbound Traffic Filtering | Phishing, Endpoint |
| Ransomware Investigate and Contain | Carbon Black Response, LDAP, Palo Alto Networks Firewall, WildFire, Cylance | | |
| Risk Notable Block Indicators | | | |
| Risk Notable Mitigate | | | |
| Risk Notable Protect Assets and Users | | | |
| Risk Notable Review Indicators | | | |
| Risk Notable Verdict | | | |
| URL Outbound Traffic Filtering Dispatch | | Outbound Traffic Filtering | Phishing, Endpoint |
| ZScaler Outbound Traffic Filtering | Zscaler | | Phishing, Endpoint |