Phishing Playbooks

Name	SOAR App	D3FEND	Use Case
AD LDAP Account Locking	AD LDAP	D3-AL	Phishing Endpoint
AWS IAM Account Locking	AWS IAM	D3-AL	Phishing Endpoint
Active Directory Disable Account Dispatch	AD LDAP, Azure AD Graph	D3-AL	Phishing Endpoint
Azure AD Account Locking	Azure AD Graph	D3-AL	Phishing Endpoint
Cisco Umbrella DNS Denylisting	Cisco Umbrella	D3-DNSDL	Phishing Endpoint
CrowdStrike OAuth API Dynamic Analysis	CrowdStrike OAuth API	D3-DA	Enrichment Phishing Endpoint
DNS Denylisting Dispatch		D3-DNSDL	Phishing Endpoint
Dynamic Analysis Dispatch		D3-DA	Enrichment Phishing Endpoint
G Suite for GMail Message Identifier Activity Analysis	G Suite for GMail	D3-IAA	Phishing
G Suite for Gmail Message Eviction	G Suite for GMail	D3-ER	Phishing
G Suite for Gmail Search and Purge	G Suite for GMail	D3-ER D3-IAA	Phishing
MS Graph for Office 365 Message Eviction	MS Graph for Office 365	D3-ER	Phishing
MS Graph for Office 365 Message Identifier Activity Analysis	MS Graph for Office 365	D3-IAA	Phishing
MS Graph for Office 365 Message Restore	MS Graph for Office 365	D3-RE	Phishing
MS Graph for Office 365 Search and Purge	MS Graph for Office 365	D3-ER D3-IAA	Phishing
MS Graph for Office 365 Search and Restore	MS Graph for Office 365	D3-RE	Phishing
Panorama Outbound Traffic Filtering	Panorama	D3-OTF	Phishing Endpoint
PhishTank URL Reputation Analysis	PhishTank	D3-IRA	Enrichment Phishing
Splunk Attack Analyzer Dynamic Analysis	Splunk Attack Analyzer Connector for Splunk SOAR	D3-DA	Enrichment Phishing Endpoint
Splunk Automated Email Investigation		D3-DA D3-SRA	Phishing
Splunk Message Identifier Activity Analysis	Splunk	D3-IAA	Phishing
URL Outbound Traffic Filtering Dispatch		D3-OTF	Phishing Endpoint
UrlScan IO Dynamic Analysis	urlscan.io	D3-DA	Enrichment Phishing Endpoint
VirusTotal V3 Dynamic Analysis	VirusTotal v3	D3-DA	Enrichment Phishing Endpoint
ZScaler Outbound Traffic Filtering	Zscaler	D3-OTF	Phishing Endpoint