| AD LDAP Account Locking | AD LDAP | Account Locking | Phishing, Endpoint |
| AD LDAP Account Unlocking | AD LDAP | | |
| AD LDAP Entity Attribute Lookup | AD LDAP | | Enrichment |
| AWS Disable User Accounts | AWS IAM | | |
| AWS Find Inactive Users | AWS IAM, Phantom | | |
| AWS IAM Account Locking | AWS IAM | Account Locking | Phishing, Endpoint |
| AWS IAM Account Unlocking | AWS IAM | Restore User Account Access | |
| Active Directory Disable Account Dispatch | AD LDAP, Azure AD Graph | Account Locking | Phishing, Endpoint |
| Active Directory Enable Account Dispatch | AD LDAP, Azure AD Graph, AWS IAM | | |
| Active Directory Reset password | AD LDAP | | |
| Attribute Lookup Dispatch | | | Enrichment |
| Automated Enrichment | | | |
| Azure AD Account Locking | Azure AD Graph | Account Locking | Phishing, Endpoint |
| Azure AD Account Unlocking | Azure AD Graph | Restore User Account Access | |
| Azure AD Graph User Attribute Lookup | Azure AD Graph | | Enrichment |
| Block Indicators | Palo Alto Networks Firewall, Carbon Black Response, Cisco Umbrella | | |
| Cisco Umbrella DNS Denylisting | Cisco Umbrella | DNS Denylisting | Phishing, Endpoint |
| CrowdStrike OAuth API Device Attribute Lookup | CrowdStrike OAuth API | | Enrichment, Endpoint |
| CrowdStrike OAuth API Dynamic Analysis | CrowdStrike OAuth API | Dynamic Analysis | Enrichment, Phishing, Endpoint |
| CrowdStrike OAuth API Identifier Activity Analysis | CrowdStrike OAuth API | Identifier Activity Analysis | Enrichment, Endpoint |
| Crowdstrike Malware Triage | CrowdStrike OAuth API | | |
| DNS Denylisting Dispatch | | DNS Denylisting | Phishing, Endpoint |
| Delete Detected Files | Windows Remote Management | | |
| Dynamic Analysis Dispatch | | Dynamic Analysis | Enrichment, Phishing, Endpoint |
| Email Notification for Malware | VirusTotal, WildFire, Carbon Black Response, SMTP | | |
| G Suite for GMail Message Identifier Activity Analysis | G Suite for GMail | Identifier Activity Analysis | Phishing |
| G Suite for Gmail Message Eviction | G Suite for GMail | Email Removal | Phishing |
| G Suite for Gmail Search and Purge | G Suite for GMail | Email Removal, Identifier Activity Analysis | Phishing |
| Hunting | Splunk, Reversing Labs, Carbon Black Response, Threat Grid, Falcon Host API | | |
| Identifier Activity Analysis Dispatch | | Identifier Activity Analysis | Enrichment |
| Identifier Reputation Analysis Dispatch | | Identifier Reputation Analysis | Enrichment |
| Internal Host SSH Investigate | SSH | | |
| Internal Host SSH Log4j Investigate | SSH | | |
| Internal Host SSH Log4j Response | SSH | | |
| Internal Host WinRM Investigate | Windows Remote Management | | |
| Internal Host WinRM Log4j Investigate | Windows Remote Management | | |
| Internal Host WinRM Response | Windows Remote Management | | |
| Jira Related Tickets Search | Jira | Identifier Reputation Analysis | |
| Log4j Investigate | | | |
| Log4j Respond | | | |
| Log4j Splunk Investigation | Splunk | | |
| MS Graph for Office 365 Message Eviction | MS Graph for Office 365 | Email Removal | Phishing |
| MS Graph for Office 365 Message Identifier Activity Analysis | MS Graph for Office 365 | Identifier Activity Analysis | Phishing |
| MS Graph for Office 365 Message Restore | MS Graph for Office 365 | Restore Email | Phishing |
| MS Graph for Office365 Search and Purge | MS Graph for Office 365 | Email Removal, Identifier Activity Analysis | Phishing |
| MS Graph for Office365 Search and Restore | MS Graph for Office 365 | Restore Email | Phishing |
| Malware Hunt and Contain | LDAP, ServiceNow, Carbon Black Response, VirusTotal | | |
| Panorama Outbound Traffic Filtering | Panorama | Outbound Traffic Filtering | Phishing, Endpoint |
| PhishTank URL Reputation Analysis | PhishTank | Identifier Reputation Analysis | Enrichment, Phishing |
| Ransomware Investigate and Contain | Carbon Black Response, LDAP, Palo Alto Networks Firewall, WildFire, Cylance | | |
| Related Tickets Search Dispatch | | | Enrichment |
| Risk Notable Block Indicators | | | |
| Risk Notable Enrich | | | |
| Risk Notable Import Data | Splunk | | |
| Risk Notable Investigate | | | |
| Risk Notable Merge Events | | | |
| Risk Notable Mitigate | | | |
| Risk Notable Preprocess | Splunk | | |
| Risk Notable Protect Assets and Users | | | |
| Risk Notable Review Indicators | | | |
| Risk Notable Verdict | | | |
| ServiceNow Related Tickets Search | ServiceNow | Identifier Reputation Analysis | Enrichment |
| Splunk Attack Analyzer Dynamic Analysis | Splunk Attack Analyzer Connector for Splunk SOAR | Dynamic Analysis | Enrichment, Phishing, Endpoint |
| Splunk Automated Email Investigation | | Dynamic Analysis, Sender Reputation Analysis | Phishing |
| Splunk Identifier Activity Analysis | Splunk | Identifier Activity Analysis | Enrichment |
| Splunk Message Identifier Activity Analysis | Splunk | Identifier Activity Analysis | Phishing |
| Splunk Notable Related Tickets Search | Splunk | | Enrichment |
| Start Investigation | | | |
| Threat Intel Investigate | | | |
| TruSTAR Enrich Indicators | TruSTAR | | |
| URL Outbound Traffic Filtering Dispatch | | Outbound Traffic Filtering | Phishing, Endpoint |
| UrlScan IO Dynamic Analysis | urlscan.io | Dynamic Analysis | Enrichment, Phishing, Endpoint |
| VirusTotal V3 Dynamic Analysis | VirusTotal v3 | Dynamic Analysis | Enrichment, Phishing, Endpoint |
| VirusTotal v3 Identifier Reputation Analysis | VirusTotal v3 | Identifier Reputation Analysis, URL Reputation Analysis, Domain Name Reputation Analysis, IP Reputation Analysis, File Hash Reputation Analysis | Enrichment |
| Windows Defender ATP Identifier Activity Analysis | Windows Defender ATP | Identifier Activity Analysis | Enrichment, Endpoint |
| ZScaler Outbound Traffic Filtering | Zscaler | | Phishing, Endpoint |