
I’m curious what some of the coolest SOAR workflows you’ve seen are, to get ideas of what to do next.

I recently completed a workflow that automates our phishing submission response.

When I joined the team, they had a mailbox for the phishing submissions along with the SIEM alerts, which were not easy to correlate.

An email would come into the mailbox -> analyst investigates and makes a determination -> analyst then responds to the user letting them know the determination -> forwards the email to CISA if it’s phishing -> manually moves the email to the correct folder -> places blocks for IOCs -> updates the SIEM alert -> makes a report if anyone interacted with the IOCs -> creates a ticket

Now: analyst looks at the SIEM incident -> uses the resources linked in the alert (link to email, link to queries, link to paint tools) -> comes to a determination and selects 1 of 3 options in the ticket comments.

From there all of the previously manual tasks are automated! And investigative queries are run with the results listed in the alert.

I’m so happy to have saved my team so much time they can use to learn and grow.

Anything else people have seen that I can try next?

submitted by /u/AverageAdmin
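As an added illustration (not code from the post or from any SOAR product), the following Python sketch shows the shape of the playbook described above: the analyst picks one of three determinations, and the playbook fans that single decision out into the formerly manual steps (reply to the reporter, forward to CISA, move the mail, block IOCs, query the SIEM for anyone who interacted with them, write a report, update the alert and close the ticket). The connector class, the `CISA_REPORT_ADDRESS` placeholder, the sample submission and the "who clicked" data are all constructed here so the example runs offline; a real deployment would swap `FakeConnectors` for the mail, blocklist, SIEM and ticketing integrations of the platform in use.

```python
"""Toy SOAR playbook for phishing-submission triage (constructed example)."""
import re
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional

CISA_REPORT_ADDRESS = "<cisa-phishing-report-mailbox>"   # placeholder, not a real address


class Determination(Enum):
    """The three options the analyst can select in the ticket comments."""
    PHISHING = "phishing"
    SPAM = "spam"
    BENIGN = "benign"


@dataclass
class Submission:
    ticket_id: str
    reporter: str   # user who submitted the message
    sender: str     # From: address of the reported message
    subject: str
    body: str


# Deliberately simple URL extraction; a production playbook would use a real IOC parser.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_iocs(sub: Submission) -> Dict[str, List[str]]:
    """Return URLs, their host names and the sender address as blockable IOC sets."""
    urls = sorted({u.rstrip(".,;)") for u in URL_RE.findall(sub.body)})
    domains = sorted({re.sub(r"^https?://", "", u, flags=re.I).split("/")[0].lower()
                      for u in urls})
    return {"urls": urls, "domains": domains, "senders": [sub.sender.lower()]}


class FakeConnectors:
    """Stand-ins for the mail, blocklist, SIEM and ticketing integrations.
    Every call is recorded in `actions`, which doubles as the playbook's audit trail."""

    def __init__(self, interactions: Optional[Dict[str, List[str]]] = None):
        self.actions: List[str] = []
        self._interactions = interactions or {}   # constructed: ioc -> users who interacted

    def reply_to_user(self, to: str, verdict: str): self.actions.append(f"reply:{to}:{verdict}")
    def forward(self, to: str, ticket: str): self.actions.append(f"forward:{to}:{ticket}")
    def move_to_folder(self, ticket: str, folder: str): self.actions.append(f"move:{ticket}:{folder}")
    def block(self, kind: str, value: str): self.actions.append(f"block:{kind}:{value}")
    def siem_update(self, ticket: str, verdict: str): self.actions.append(f"siem:{ticket}:{verdict}")
    def siem_interactions(self, ioc: str) -> List[str]: return self._interactions.get(ioc, [])
    def create_report(self, ticket: str, hits: list): self.actions.append(f"report:{ticket}:{len(hits)}")
    def close_ticket(self, ticket: str, verdict: str): self.actions.append(f"ticket:{ticket}:{verdict}")


def run_playbook(sub: Submission, verdict: Determination, c: FakeConnectors) -> List[str]:
    """Turn one analyst determination into the full set of response actions."""
    c.reply_to_user(sub.reporter, verdict.value)          # tell the reporter the outcome
    c.move_to_folder(sub.ticket_id, verdict.value)        # file the mail by verdict
    if verdict is Determination.PHISHING:
        c.forward(CISA_REPORT_ADDRESS, sub.ticket_id)     # external report only for phishing
        iocs = extract_iocs(sub)
        for kind, values in iocs.items():
            for value in values:
                c.block(kind, value)                      # push blocks for every IOC
        hits = [(ioc, user)                               # who interacted with any IOC?
                for ioc in iocs["urls"] + iocs["domains"]
                for user in c.siem_interactions(ioc)]
        if hits:
            c.create_report(sub.ticket_id, hits)          # report only when someone did
    c.siem_update(sub.ticket_id, verdict.value)           # keep the SIEM alert in sync
    c.close_ticket(sub.ticket_id, verdict.value)
    return list(c.actions)


# Constructed sample submission (all values invented; .invalid is a reserved TLD).
SAMPLE = Submission(
    ticket_id="PH-1",
    reporter="bob@corp.invalid",
    sender="it-support@mail-example.invalid",
    subject="Password expiring",
    body=("Please verify at http://login-example.invalid/verify or reset at "
          "https://login-example.invalid/reset."),
)

if __name__ == "__main__":
    conn = FakeConnectors(interactions={"login-example.invalid": ["alice"]})
    for line in run_playbook(SAMPLE, Determination.PHISHING, conn):
        print(line)
```

The point worth noticing is that the analyst's decision is the only input; everything else is derived from the submission and the determination, so the audit trail (`actions`) shows exactly what the playbook did and can be reviewed or replayed when a determination turns out to be wrong.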

