Phishing Playbooks

| Name | SOAR App | D3FEND | Use Case |
| --- | --- | --- | --- |
| AD LDAP Account Locking | AD LDAP | D3-AL | Phishing, Endpoint |
| AWS IAM Account Locking | AWS IAM | D3-AL | Phishing, Endpoint |
| Active Directory Disable Account Dispatch | AD LDAP, Azure AD Graph | D3-AL | Phishing, Endpoint |
| Azure AD Account Locking | Azure AD Graph | D3-AL | Phishing, Endpoint |
| Cisco Umbrella DNS Denylisting | Cisco Umbrella | D3-DNSDL | Phishing, Endpoint |
| CrowdStrike OAuth API Dynamic Analysis | CrowdStrike OAuth API | D3-DA | Enrichment, Phishing, Endpoint |
| DNS Denylisting Dispatch | | D3-DNSDL | Phishing, Endpoint |
| Dynamic Analysis Dispatch | | D3-DA | Enrichment, Phishing, Endpoint |
| G Suite for GMail Message Identifier Activity Analysis | G Suite for GMail | D3-IAA | Phishing |
| G Suite for Gmail Message Eviction | G Suite for GMail | D3-ER | Phishing |
| G Suite for Gmail Search and Purge | G Suite for GMail | D3-ER, D3-IAA | Phishing |
| MS Graph for Office 365 Message Eviction | MS Graph for Office 365 | D3-ER | Phishing |
| MS Graph for Office 365 Message Identifier Activity Analysis | MS Graph for Office 365 | D3-IAA | Phishing |
| MS Graph for Office 365 Message Restore | MS Graph for Office 365 | D3-RE | Phishing |
| MS Graph for Office 365 Search and Purge | MS Graph for Office 365 | D3-ER, D3-IAA | Phishing |
| MS Graph for Office 365 Search and Restore | MS Graph for Office 365 | D3-RE | Phishing |
| Panorama Outbound Traffic Filtering | Panorama | D3-OTF | Phishing, Endpoint |
| PhishTank URL Reputation Analysis | PhishTank | D3-IRA | Enrichment, Phishing |
| Splunk Attack Analyzer Dynamic Analysis | Splunk Attack Analyzer Connector for Splunk SOAR | D3-DA | Enrichment, Phishing, Endpoint |
| Splunk Automated Email Investigation | | D3-DA, D3-SRA | Phishing |
| Splunk Message Identifier Activity Analysis | Splunk | D3-IAA | Phishing |
| URL Outbound Traffic Filtering Dispatch | | D3-OTF | Phishing, Endpoint |
| UrlScan IO Dynamic Analysis | urlscan.io | D3-DA | Enrichment, Phishing, Endpoint |
| VirusTotal V3 Dynamic Analysis | VirusTotal v3 | D3-DA | Enrichment, Phishing, Endpoint |
| ZScaler Outbound Traffic Filtering | Zscaler | D3-OTF | Phishing, Endpoint |