Playbooks

Name	SOAR App	D3FEND	Use Case
AD LDAP Account Locking	AD LDAP	Account Locking	Phishing, Endpoint
AD LDAP Account Unlocking	AD LDAP
AD LDAP Entity Attribute Lookup	AD LDAP		Enrichment
AWS Disable User Accounts	AWS IAM
AWS Find Inactive Users	AWS IAM, Phantom
AWS IAM Account Locking	AWS IAM	Account Locking	Phishing, Endpoint
AWS IAM Account Unlocking	AWS IAM
Active Directory Disable Account Dispatch	AD LDAP, Azure AD Graph	Account Locking	Phishing, Endpoint
Active Directory Enable Account Dispatch	microsoft_ad_ldap, azure_ad_graph, aws_iam
Active Directory Reset password	AD LDAP
Attribute Lookup Dispatch			Enrichment
Automated Enrichment
Azure AD Account Unlocking	Azure AD Graph
Azure AD Graph User Attribute Lookup	Azure AD Graph		Enrichment
Azure AD Locking Account	Azure AD Graph	Account Locking	Phishing, Endpoint
Block Indicators	Palo Alto Networks Firewall, Carbon Black Response, Cisco Umbrella
Cisco Umbrella DNS Denylisting	Cisco Umbrella	DNS Denylisting	Phishing, Endpoint
CrowdStrike OAuth API Device Attribute Lookup	CrowdStrike OAuth API		Enrichment, Endpoint
CrowdStrike OAuth API Dynamic Analysis	CrowdStrike OAuth API	Dynamic Analysis	Enrichment, Phishing, Endpoint
CrowdStrike OAuth API Identifier Activity Analysis	CrowdStrike OAuth API	Identifier Activity Analysis	Enrichment, Endpoint
Crowdstrike Malware Triage	CrowdStrike OAuth API
DNS Denylisting Dispatch		DNS Denylisting	Phishing, Endpoint
Delete Detected Files	Windows Remote Management
Dynamic Analysis Dispatch		Dynamic Analysis	Enrichment, Phishing, Endpoint
Email Notification for Malware	VirusTotal, WildFire, Carbon Black Response, SMTP
G Suite for GMail Message Identifier Activity Analysis	G Suite for GMail	Identifier Activity Analysis	Phishing
Hunting	Splunk, Reversing Labs, Carbon Black Response, Threat Grid, Falcon Host API
Identifier Activity Analysis Dispatch		Identifier Activity Analysis	Enrichment
Identifier Reputation Analysis Dispatch		Identifier Reputation Analysis	Enrichment
Internal Host SSH Investigate	SSH
Internal Host SSH Log4j Investigate	SSH
Internal Host SSH Log4j Response	SSH
Internal Host WinRM Investigate	Windows Remote Management
Internal Host WinRM Log4j Investigate	Windows Remote Management
Internal Host WinRM Response	Windows Remote Management
Jira Related Tickets Search	Jira
Log4j Investigate
Log4j Respond
Log4j Splunk Investigation	Splunk
Malware Hunt and Contain	LDAP, ServiceNow, Carbon Black Response, VirusTotal
Panorama Outbound Traffic Filtering	Panorama		Phishing, Endpoint
PhishTank URL Reputation Analysis	PhishTank	Identifier Reputation Analysis	Enrichment, Phishing
Ransomware Investigate and Contain	Carbon Black Response, LDAP, Palo Alto Networks Firewall, WildFire, Cylance
Related Tickets Search Dispatch			Enrichment
Risk Notable Block Indicators
Risk Notable Enrich
Risk Notable Import Data	Splunk
Risk Notable Investigate
Risk Notable Merge Events
Risk Notable Mitigate
Risk Notable Preprocess	Splunk
Risk Notable Protect Assets and Users
Risk Notable Review Indicators
Risk Notable Verdict
ServiceNow Related Tickets Search	ServiceNow		Enrichment
Splunk Attack Analyzer Dynamic Analysis	Splunk Attack Analyzer Connector for Splunk SOAR	Dynamic Analysis	Enrichment, Phishing, Endpoint
Splunk Identifier Activity Analysis	Splunk	Identifier Activity Analysis	Enrichment
Splunk Message Identifier Activity Analysis	Splunk	Identifier Activity Analysis	Phishing
Splunk Notable Related Tickets Search	Splunk		Enrichment
Start Investigation
Threat Intel Investigate
TruSTAR Enrich Indicators	TruSTAR
URL Outbound Traffic Filtering Dispatch			Phishing, Endpoint
UrlScan IO Dynamic Analysis	urlscan.io	Dynamic Analysis	Enrichment, Phishing, Endpoint
VirusTotal V3 Dynamic Analysis	VirusTotal v3	Dynamic Analysis	Enrichment, Phishing, Endpoint
VirusTotal v3 Identifier Reputation Analysis	VirusTotal v3	Identifier Reputation Analysis	Enrichment
Windows Defender ATP Identifier Activity Analysis	Windows Defender ATP	Identifier Activity Analysis	Enrichment, Endpoint
ZScaler Outbound Traffic Filtering	Zscaler		Phishing, Endpoint