├── .github ├── tests │ ├── pyproject.toml │ ├── requirements-dev.txt │ ├── requirements.txt │ ├── robot │ │ ├── AutomationCodeScanner.robot │ │ ├── DynamicTestCases.py │ │ ├── PlaybookScanner.robot │ │ ├── PlaybookScannerHelper.py │ │ ├── __pycache__ │ │ │ ├── DynamicTestCases.cpython-39.pyc │ │ │ └── PlaybookScannerHelper.cpython-39.pyc │ │ └── soar_robot_utils │ │ │ ├── __init__.py │ │ │ ├── __pycache__ │ │ │ ├── __init__.cpython-39.pyc │ │ │ ├── playbook_parser.cpython-39.pyc │ │ │ └── utils.cpython-39.pyc │ │ │ ├── playbook_parser.py │ │ │ └── utils.py │ ├── run_on_all_automation_code.py │ └── run_on_changed_playbooks.py └── workflows │ └── main.yml ├── .gitignore ├── AD_LDAP_Account_Locking.json ├── AD_LDAP_Account_Locking.png ├── AD_LDAP_Account_Locking.py ├── AD_LDAP_Account_Unlocking.json ├── AD_LDAP_Account_Unlocking.png ├── AD_LDAP_Account_Unlocking.py ├── AD_LDAP_Entity_Attribute_Lookup.json ├── AD_LDAP_Entity_Attribute_Lookup.png ├── AD_LDAP_Entity_Attribute_Lookup.py ├── AWS_IAM_Account_Locking.json ├── AWS_IAM_Account_Locking.png ├── AWS_IAM_Account_Locking.py ├── AWS_IAM_Account_Unlocking.json ├── AWS_IAM_Account_Unlocking.png ├── AWS_IAM_Account_Unlocking.py ├── Active_Directory_Disable_Account_Dispatch.json ├── Active_Directory_Disable_Account_Dispatch.png ├── Active_Directory_Disable_Account_Dispatch.py ├── Active_Directory_Enable_Account_Dispatch.json ├── Active_Directory_Enable_Account_Dispatch.png ├── Active_Directory_Enable_Account_Dispatch.py ├── Attribute_Lookup_Dispatch.json ├── Attribute_Lookup_Dispatch.png ├── Attribute_Lookup_Dispatch.py ├── Automated_Enrichment.json ├── Automated_Enrichment.png ├── Automated_Enrichment.py ├── Azure_AD_Account_Locking.json ├── Azure_AD_Account_Locking.png ├── Azure_AD_Account_Locking.py ├── Azure_AD_Account_Unlocking.json ├── Azure_AD_Account_Unlocking.png ├── Azure_AD_Account_Unlocking.py ├── Azure_AD_Graph_User_Attribute_Lookup.json ├── Azure_AD_Graph_User_Attribute_Lookup.png ├── Azure_AD_Graph_User_Attribute_Lookup.py ├── CiscoTalosIntelligence_Identifier_Reputation_Analysis.json ├── CiscoTalosIntelligence_Identifier_Reputation_Analysis.png ├── CiscoTalosIntelligence_Identifier_Reputation_Analysis.py ├── Cisco_Umbrella_DNS_Denylisting.json ├── Cisco_Umbrella_DNS_Denylisting.png ├── Cisco_Umbrella_DNS_Denylisting.py ├── Commvault_Cloud_Disable_Data_Aging.json ├── Commvault_Cloud_Disable_Data_Aging.png ├── Commvault_Cloud_Disable_Data_Aging.py ├── CrowdStrike_OAuth_API_Device_Attribute_Lookup.json ├── CrowdStrike_OAuth_API_Device_Attribute_Lookup.png ├── CrowdStrike_OAuth_API_Device_Attribute_Lookup.py ├── CrowdStrike_OAuth_API_Dynamic_Analysis.json ├── CrowdStrike_OAuth_API_Dynamic_Analysis.png ├── CrowdStrike_OAuth_API_Dynamic_Analysis.py ├── CrowdStrike_OAuth_API_Endpoint_Analysis.json ├── CrowdStrike_OAuth_API_Endpoint_Analysis.png ├── CrowdStrike_OAuth_API_Endpoint_Analysis.py ├── CrowdStrike_OAuth_API_Executable_Denylisting.json ├── CrowdStrike_OAuth_API_Executable_Denylisting.png ├── CrowdStrike_OAuth_API_Executable_Denylisting.py ├── CrowdStrike_OAuth_API_File_Collection.json ├── CrowdStrike_OAuth_API_File_Collection.png ├── CrowdStrike_OAuth_API_File_Collection.py ├── CrowdStrike_OAuth_API_File_Eviction.json ├── CrowdStrike_OAuth_API_File_Eviction.png ├── CrowdStrike_OAuth_API_File_Eviction.py ├── CrowdStrike_OAuth_API_File_Restore.json ├── CrowdStrike_OAuth_API_File_Restore.png ├── CrowdStrike_OAuth_API_File_Restore.py ├── CrowdStrike_OAuth_API_Get_Device_Info.json ├── CrowdStrike_OAuth_API_Get_Device_Info.png ├── CrowdStrike_OAuth_API_Get_Device_Info.py ├── CrowdStrike_OAuth_API_Identifier_Activity_Analysis.json ├── CrowdStrike_OAuth_API_Identifier_Activity_Analysis.png ├── CrowdStrike_OAuth_API_Identifier_Activity_Analysis.py ├── CrowdStrike_OAuth_API_Network_Isolation.json ├── CrowdStrike_OAuth_API_Network_Isolation.png ├── CrowdStrike_OAuth_API_Network_Isolation.py ├── CrowdStrike_OAuth_API_Network_Restore.json ├── CrowdStrike_OAuth_API_Network_Restore.png ├── CrowdStrike_OAuth_API_Network_Restore.py ├── CrowdStrike_OAuth_API_Process_Termination.json ├── CrowdStrike_OAuth_API_Process_Termination.png ├── CrowdStrike_OAuth_API_Process_Termination.py ├── Crowdstrike_Endpoint_IOC_Enrichment.json ├── Crowdstrike_Endpoint_IOC_Enrichment.png ├── Crowdstrike_Endpoint_IOC_Enrichment.py ├── Crowdstrike_Endpoint_Quarantine_Response.json ├── Crowdstrike_Endpoint_Quarantine_Response.png ├── Crowdstrike_Endpoint_Quarantine_Response.py ├── DNS_Denylisting_Dispatch.json ├── DNS_Denylisting_Dispatch.png ├── DNS_Denylisting_Dispatch.py ├── Dynamic_Analysis_Dispatch.json ├── Dynamic_Analysis_Dispatch.png ├── Dynamic_Analysis_Dispatch.py ├── G_Suite_for_GMail_Message_Identifier_Activity_Analysis.json ├── G_Suite_for_GMail_Message_Identifier_Activity_Analysis.png ├── G_Suite_for_GMail_Message_Identifier_Activity_Analysis.py ├── G_Suite_for_Gmail_Message_Eviction.json ├── G_Suite_for_Gmail_Message_Eviction.png ├── G_Suite_for_Gmail_Message_Eviction.py ├── G_Suite_for_Gmail_Search_and_Purge.json ├── G_Suite_for_Gmail_Search_and_Purge.png ├── G_Suite_for_Gmail_Search_and_Purge.py ├── Identifier_Activity_Analysis_Dispatch.json ├── Identifier_Activity_Analysis_Dispatch.png ├── Identifier_Activity_Analysis_Dispatch.py ├── Identifier_Reputation_Analysis_Dispatch.json ├── Identifier_Reputation_Analysis_Dispatch.png ├── Identifier_Reputation_Analysis_Dispatch.py ├── Jira_Related_Tickets_Search.json ├── Jira_Related_Tickets_Search.png ├── Jira_Related_Tickets_Search.py ├── LICENSE ├── MS_Graph_for_Office_365_Message_Eviction.json ├── MS_Graph_for_Office_365_Message_Eviction.png ├── MS_Graph_for_Office_365_Message_Eviction.py ├── MS_Graph_for_Office_365_Message_Identifier_Activity_Analysis.json ├── MS_Graph_for_Office_365_Message_Identifier_Activity_Analysis.png ├── MS_Graph_for_Office_365_Message_Identifier_Activity_Analysis.py ├── MS_Graph_for_Office_365_Message_Restore.json ├── MS_Graph_for_Office_365_Message_Restore.png ├── MS_Graph_for_Office_365_Message_Restore.py ├── MS_Graph_for_Office_365_Search_and_Purge.json ├── MS_Graph_for_Office_365_Search_and_Purge.png ├── MS_Graph_for_Office_365_Search_and_Purge.py ├── MS_Graph_for_Office_365_Search_and_Restore.json ├── MS_Graph_for_Office_365_Search_and_Restore.png ├── MS_Graph_for_Office_365_Search_and_Restore.py ├── Microsoft_Defender_For_Endpoint_Network_Isolation.json ├── Microsoft_Defender_For_Endpoint_Network_Isolation.png ├── Microsoft_Defender_For_Endpoint_Network_Isolation.py ├── Microsoft_Defender_For_Endpoint_Network_Restore.json ├── Microsoft_Defender_For_Endpoint_Network_Restore.png ├── Microsoft_Defender_For_Endpoint_Network_Restore.py ├── Mission_Control_Attribute_Lookup.json ├── Mission_Control_Attribute_Lookup.png ├── Mission_Control_Attribute_Lookup.py ├── Mission_Control_Automated_Enrichment.json ├── Mission_Control_Automated_Enrichment.png ├── Mission_Control_Automated_Enrichment.py ├── Mission_Control_Identifier_Reputation_Analysis.json ├── Mission_Control_Identifier_Reputation_Analysis.png ├── Mission_Control_Identifier_Reputation_Analysis.py ├── Mission_Control_Related_Tickets_Search.json ├── Mission_Control_Related_Tickets_Search.png ├── Mission_Control_Related_Tickets_Search.py ├── Panorama_Outbound_Traffic_Filtering.json ├── Panorama_Outbound_Traffic_Filtering.png ├── Panorama_Outbound_Traffic_Filtering.py ├── PhishTank_URL_Reputation_Analysis.json ├── PhishTank_URL_Reputation_Analysis.png ├── PhishTank_URL_Reputation_Analysis.py ├── README.md ├── Related_Tickets_Search_Dispatch.json ├── Related_Tickets_Search_Dispatch.png ├── Related_Tickets_Search_Dispatch.py ├── ReversingLabs_Reported_Email_Triage.json ├── ReversingLabs_Reported_Email_Triage.png ├── ReversingLabs_Reported_Email_Triage.py ├── ReversingLabs_TitaniumCloud_File_Reputation.json ├── ReversingLabs_TitaniumCloud_File_Reputation.png ├── ReversingLabs_TitaniumCloud_File_Reputation.py ├── ReversingLabs_TitaniumCloud_URL_Reputation.json ├── ReversingLabs_TitaniumCloud_URL_Reputation.png ├── ReversingLabs_TitaniumCloud_URL_Reputation.py ├── ReversingLabs_TitaniumScale_File_Analysis.json ├── ReversingLabs_TitaniumScale_File_Analysis.png ├── ReversingLabs_TitaniumScale_File_Analysis.py ├── ServiceNow_Create_Incident.json ├── ServiceNow_Create_Incident.png ├── ServiceNow_Create_Incident.py ├── ServiceNow_Create_Incident_Es.json ├── ServiceNow_Create_Incident_Es.png ├── ServiceNow_Create_Incident_Es.py ├── ServiceNow_Query_Incidents.json ├── ServiceNow_Query_Incidents.png ├── ServiceNow_Query_Incidents.py ├── ServiceNow_Related_Tickets_Search.json ├── ServiceNow_Related_Tickets_Search.png ├── ServiceNow_Related_Tickets_Search.py ├── ServiceNow_Update_Incident.json ├── ServiceNow_Update_Incident.png ├── ServiceNow_Update_Incident.py ├── ServiceNow_Update_Incident_Notes.json ├── ServiceNow_Update_Incident_Notes.png ├── ServiceNow_Update_Incident_Notes.py ├── Splunk_Attack_Analyzer_Dynamic_Analysis.json ├── Splunk_Attack_Analyzer_Dynamic_Analysis.png ├── Splunk_Attack_Analyzer_Dynamic_Analysis.py ├── Splunk_Automated_Email_Investigation.json ├── Splunk_Automated_Email_Investigation.png ├── Splunk_Automated_Email_Investigation.py ├── Splunk_Identifier_Activity_Analysis.json ├── Splunk_Identifier_Activity_Analysis.png ├── Splunk_Identifier_Activity_Analysis.py ├── Splunk_Message_Identifier_Activity_Analysis.json ├── Splunk_Message_Identifier_Activity_Analysis.png ├── Splunk_Message_Identifier_Activity_Analysis.py ├── Splunk_Notable_Related_Tickets_Search.json ├── Splunk_Notable_Related_Tickets_Search.png ├── Splunk_Notable_Related_Tickets_Search.py ├── URL_Outbound_Traffic_Filtering_Dispatch.json ├── URL_Outbound_Traffic_Filtering_Dispatch.png ├── URL_Outbound_Traffic_Filtering_Dispatch.py ├── UrlScan_IO_Dynamic_Analysis.json ├── UrlScan_IO_Dynamic_Analysis.png ├── UrlScan_IO_Dynamic_Analysis.py ├── VirusTotal_v3_Dynamic_Analysis.json ├── VirusTotal_v3_Dynamic_Analysis.png ├── VirusTotal_v3_Dynamic_Analysis.py ├── VirusTotal_v3_Identifier_Reputation_Analysis.json ├── VirusTotal_v3_Identifier_Reputation_Analysis.png ├── VirusTotal_v3_Identifier_Reputation_Analysis.py ├── Windows_Defender_ATP_Identifier_Activity_Analysis.json ├── Windows_Defender_ATP_Identifier_Activity_Analysis.png ├── Windows_Defender_ATP_Identifier_Activity_Analysis.py ├── Zscaler_Outbound_Traffic_Filtering.json ├── Zscaler_Outbound_Traffic_Filtering.png ├── Zscaler_Outbound_Traffic_Filtering.py ├── activedirectory_reset_password.json ├── activedirectory_reset_password.png ├── activedirectory_reset_password.py ├── advanced_playbook_tutorial.json ├── advanced_playbook_tutorial.png ├── advanced_playbook_tutorial.py ├── alert_deescalation_for_test_machines.json ├── alert_deescalation_for_test_machines.png ├── alert_deescalation_for_test_machines.py ├── alert_escalation_for_attacked_executives.json ├── alert_escalation_for_attacked_executives.png ├── alert_escalation_for_attacked_executives.py ├── aws_disable_user_accounts.json ├── aws_disable_user_accounts.png ├── aws_disable_user_accounts.py ├── aws_find_inactive_users.json ├── aws_find_inactive_users.png ├── aws_find_inactive_users.py ├── azure_new_user_census.json ├── azure_new_user_census.png ├── azure_new_user_census.py ├── corelight_investigate_dns_alert.json ├── corelight_investigate_dns_alert.png ├── corelight_investigate_dns_alert.py ├── create_ticket.json ├── create_ticket.png ├── create_ticket.py ├── crowdstrike_malware_triage.json ├── crowdstrike_malware_triage.png ├── crowdstrike_malware_triage.py ├── custom_functions ├── artifact_create.json ├── artifact_create.py ├── artifact_update.json ├── artifact_update.py ├── asset_get_attributes.json ├── asset_get_attributes.py ├── base64_decode.json ├── base64_decode.py ├── collect_by_cef_type.json ├── collect_by_cef_type.py ├── comment_list.json ├── comment_list.py ├── container_merge.json ├── container_merge.py ├── container_update.json ├── container_update.py ├── custom_list_enumerate.json ├── custom_list_enumerate.py ├── custom_list_value_in_strings.json ├── custom_list_value_in_strings.py ├── datetime_modify.json ├── datetime_modify.py ├── debug.json ├── debug.py ├── find_related_containers.json ├── find_related_containers.py ├── indicator_collect.json ├── indicator_collect.py ├── indicator_get_by_tag.json ├── indicator_get_by_tag.py ├── indicator_remove_tag.json ├── indicator_remove_tag.py ├── indicator_tag.json ├── indicator_tag.py ├── json_safe_format.json ├── json_safe_format.py ├── list_deduplicate.json ├── list_deduplicate.py ├── list_demux.json ├── list_demux.py ├── list_drop_none.json ├── list_drop_none.py ├── list_merge.json ├── list_merge.py ├── list_zip.json ├── list_zip.py ├── mark_evidence.json ├── mark_evidence.py ├── noop.json ├── noop.py ├── passthrough.json ├── passthrough.py ├── playbooks_list.json ├── playbooks_list.py ├── regex_extract_email.json ├── regex_extract_email.py ├── regex_extract_ipv4.json ├── regex_extract_ipv4.py ├── regex_extract_url.json ├── regex_extract_url.py ├── regex_filter_list.json ├── regex_filter_list.py ├── regex_split.json ├── regex_split.py ├── string_epoch_to_timestamp.json ├── string_epoch_to_timestamp.py ├── string_remove_crlf.json ├── string_remove_crlf.py ├── string_split.json ├── string_split.py ├── string_to_lowercase.json ├── string_to_lowercase.py ├── string_to_uppercase.json ├── string_to_uppercase.py ├── string_uri_decode.json ├── string_uri_decode.py ├── url_parse.json ├── url_parse.py ├── vault_copy_or_move.json ├── vault_copy_or_move.py ├── vault_list.json ├── vault_list.py ├── workbook_add.json ├── workbook_add.py ├── workbook_list.json ├── workbook_list.py ├── workbook_task_update.json ├── workbook_task_update.py ├── zip_extract.json └── zip_extract.py ├── customer_firewall_request_handle_artifact.json ├── customer_firewall_request_handle_artifact.png ├── customer_firewall_request_handle_artifact.py ├── customer_firewall_request_parse_csv.json ├── customer_firewall_request_parse_csv.png ├── customer_firewall_request_parse_csv.py ├── delete_detected_files.json ├── delete_detected_files.png ├── delete_detected_files.py ├── dispatch_input_playbooks.json ├── dispatch_input_playbooks.png ├── dispatch_input_playbooks.py ├── dns_hijack_enrichment.json ├── dns_hijack_enrichment.png ├── dns_hijack_enrichment.py ├── domain_block_umbrella.json ├── domain_block_umbrella.png ├── domain_block_umbrella.py ├── domain_investigate.json ├── domain_investigate.png ├── domain_investigate.py ├── ec2_instance_investigation_and_notification.json ├── ec2_instance_investigation_and_notification.png ├── ec2_instance_investigation_and_notification.py ├── ec2_instance_isolation.json ├── ec2_instance_isolation.png ├── ec2_instance_isolation.py ├── email_notification_for_malware.json ├── email_notification_for_malware.png ├── email_notification_for_malware.py ├── endace_splunk_search_download_pcap.json ├── endace_splunk_search_download_pcap.png ├── endace_splunk_search_download_pcap.py ├── excessive_account_lockouts_enrichment_and_response.json ├── excessive_account_lockouts_enrichment_and_response.png ├── excessive_account_lockouts_enrichment_and_response.py ├── extrahop_detect_data_exfiltration.json ├── extrahop_detect_data_exfiltration.png ├── extrahop_detect_data_exfiltration.py ├── extrahop_externally_accessible_databases.json ├── extrahop_externally_accessible_databases.png ├── extrahop_externally_accessible_databases.py ├── extrahop_new_dns_servers.json ├── extrahop_new_dns_servers.png ├── extrahop_new_dns_servers.py ├── gcp_unusual_serviceaccount_usage.json ├── gcp_unusual_serviceaccount_usage.png ├── gcp_unusual_serviceaccount_usage.py ├── greynoise_gnql_enrichment.json ├── greynoise_gnql_enrichment.png ├── greynoise_gnql_enrichment.py ├── greynoise_ip_enrichment.json ├── greynoise_ip_enrichment.png ├── greynoise_ip_enrichment.py ├── greynoise_on_poll_set_severity.json ├── greynoise_on_poll_set_severity.png ├── greynoise_on_poll_set_severity.py ├── greynoise_update_severity_from_ip_reputation.json ├── greynoise_update_severity_from_ip_reputation.png ├── greynoise_update_severity_from_ip_reputation.py ├── host_quarantine_crowdstrike.json ├── host_quarantine_crowdstrike.png ├── host_quarantine_crowdstrike.py ├── intelligence_management_enrich_indicators.json ├── intelligence_management_enrich_indicators.png ├── intelligence_management_enrich_indicators.py ├── internal_host_splunk_investigate_log4j.json ├── internal_host_splunk_investigate_log4j.png ├── internal_host_splunk_investigate_log4j.py ├── internal_host_ssh_investigate.json ├── internal_host_ssh_investigate.png ├── internal_host_ssh_investigate.py ├── internal_host_ssh_log4j_investigate.json ├── internal_host_ssh_log4j_investigate.png ├── internal_host_ssh_log4j_investigate.py ├── internal_host_ssh_log4j_respond.json ├── internal_host_ssh_log4j_respond.png ├── internal_host_ssh_log4j_respond.py ├── internal_host_winrm_investigate.json ├── internal_host_winrm_investigate.png ├── internal_host_winrm_investigate.py ├── internal_host_winrm_log4j_investigate.json ├── internal_host_winrm_log4j_investigate.png ├── internal_host_winrm_log4j_investigate.py ├── internal_host_winrm_log4j_respond.json ├── internal_host_winrm_log4j_respond.png ├── internal_host_winrm_log4j_respond.py ├── lets_encrypt_domain_investigate.json ├── lets_encrypt_domain_investigate.png ├── lets_encrypt_domain_investigate.py ├── log4j_investigate.json ├── log4j_investigate.png ├── log4j_investigate.py ├── log4j_respond.json ├── log4j_respond.png ├── log4j_respond.py ├── mcafee_phishing_attachment_investigate.json ├── mcafee_phishing_attachment_investigate.png ├── mcafee_phishing_attachment_investigate.py ├── nagios_service_monitor.json ├── nagios_service_monitor.png ├── nagios_service_monitor.py ├── onboarding_demonstration.json ├── onboarding_demonstration.png ├── onboarding_demonstration.py ├── phishme_email_investigate_and_respond.json ├── phishme_email_investigate_and_respond.png ├── phishme_email_investigate_and_respond.py ├── pin_to_hud_sample.json ├── pin_to_hud_sample.png ├── pin_to_hud_sample.py ├── protectwise_investigate_and_respond.json ├── protectwise_investigate_and_respond.png ├── protectwise_investigate_and_respond.py ├── ransomware_investigate_and_contain.json ├── ransomware_investigate_and_contain.png ├── ransomware_investigate_and_contain.py ├── recorded_future_correlation_response.json ├── recorded_future_correlation_response.png ├── recorded_future_correlation_response.py ├── recorded_future_handle_leaked_credentials.json ├── recorded_future_handle_leaked_credentials.png ├── recorded_future_handle_leaked_credentials.py ├── recorded_future_indicator_enrichment.json ├── recorded_future_indicator_enrichment.png ├── recorded_future_indicator_enrichment.py ├── recorded_future_threat_hunting.json ├── recorded_future_threat_hunting.png ├── recorded_future_threat_hunting.py ├── reinfected_endpoint_check.json ├── reinfected_endpoint_check.png ├── reinfected_endpoint_check.py ├── reset_entity_risk.json ├── reset_entity_risk.py ├── risk_notable_auto_containment.json ├── risk_notable_auto_containment.py ├── risk_notable_auto_investigate.json ├── risk_notable_auto_investigate.py ├── risk_notable_auto_merge.json ├── risk_notable_auto_merge.py ├── risk_notable_auto_undo_containment.json ├── risk_notable_auto_undo_containment.py ├── risk_notable_block_indicators.json ├── risk_notable_block_indicators.py ├── risk_notable_enrich.json ├── risk_notable_enrich.py ├── risk_notable_import_data.json ├── risk_notable_import_data.py ├── risk_notable_investigate.json ├── risk_notable_investigate.py ├── risk_notable_merge_events.json ├── risk_notable_merge_events.py ├── risk_notable_mitigate.json ├── risk_notable_mitigate.py ├── risk_notable_preprocess.json ├── risk_notable_preprocess.py ├── risk_notable_protect_assets_and_users.json ├── risk_notable_protect_assets_and_users.py ├── risk_notable_review_indicators.json ├── risk_notable_review_indicators.py ├── risk_notable_verdict.json ├── risk_notable_verdict.py ├── rogue_wireless_access_point_remediate.json ├── rogue_wireless_access_point_remediate.png ├── rogue_wireless_access_point_remediate.py ├── splunk_enterprise_security_close_investigation.json ├── splunk_enterprise_security_close_investigation.py ├── splunk_enterprise_security_tag_assets_and_identities.json ├── splunk_enterprise_security_tag_assets_and_identities.py ├── ssh_endpoint_investigate.json ├── ssh_endpoint_investigate.png ├── ssh_endpoint_investigate.py ├── start_investigation.json ├── start_investigation.py ├── symantec_ioc_data_enhancement.json ├── symantec_ioc_data_enhancement.png ├── symantec_ioc_data_enhancement.py ├── symantec_proxysg_unblock_request.json ├── symantec_proxysg_unblock_request.png ├── symantec_proxysg_unblock_request.py ├── terminate_spawned_processes.json ├── terminate_spawned_processes.png ├── terminate_spawned_processes.py ├── test_connectivity.json ├── test_connectivity.png ├── test_connectivity.py ├── threat_intel_investigate.json ├── threat_intel_investigate.png ├── threat_intel_investigate.py ├── threatquotient_investigate_and_respond.json ├── threatquotient_investigate_and_respond.png ├── threatquotient_investigate_and_respond.py ├── track_active_directory_admin_users.json ├── track_active_directory_admin_users.png ├── track_active_directory_admin_users.py ├── trustar_network_enrichment.json ├── trustar_network_enrichment.png ├── trustar_network_enrichment.py ├── url_investigate.json ├── url_investigate.png ├── url_investigate.py ├── user_approved_ticket_creation.json ├── user_approved_ticket_creation.png ├── user_approved_ticket_creation.py ├── user_prompt_and_block_domain.json ├── user_prompt_and_block_domain.png ├── user_prompt_and_block_domain.py ├── vectra_advanced_block_host.json ├── vectra_advanced_block_host.png ├── vectra_advanced_block_host.py ├── vectra_basic_block_host.json ├── vectra_basic_block_host.png ├── vectra_basic_block_host.py ├── vectra_detection_notification.json ├── vectra_detection_notification.png ├── vectra_detection_notification.py ├── vmworld_c2_response.json ├── vmworld_c2_response.png ├── vmworld_c2_response.py ├── vmworld_wannacry_response.json ├── vmworld_wannacry_response.png ├── vmworld_wannacry_response.py ├── zscaler_hunt_and_block_url.json ├── zscaler_hunt_and_block_url.png ├── zscaler_hunt_and_block_url.py ├── zscaler_malicious_file_response.json ├── zscaler_malicious_file_response.png ├── zscaler_malicious_file_response.py ├── zscaler_patient_0_parse_email.json ├── zscaler_patient_0_parse_email.png └── zscaler_patient_0_parse_email.py /.github/tests/pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/pyproject.toml -------------------------------------------------------------------------------- /.github/tests/requirements-dev.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/requirements-dev.txt -------------------------------------------------------------------------------- /.github/tests/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/requirements.txt -------------------------------------------------------------------------------- /.github/tests/robot/AutomationCodeScanner.robot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/robot/AutomationCodeScanner.robot -------------------------------------------------------------------------------- /.github/tests/robot/DynamicTestCases.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/robot/DynamicTestCases.py -------------------------------------------------------------------------------- /.github/tests/robot/PlaybookScanner.robot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/robot/PlaybookScanner.robot -------------------------------------------------------------------------------- /.github/tests/robot/PlaybookScannerHelper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/robot/PlaybookScannerHelper.py -------------------------------------------------------------------------------- /.github/tests/robot/__pycache__/DynamicTestCases.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/robot/__pycache__/DynamicTestCases.cpython-39.pyc -------------------------------------------------------------------------------- /.github/tests/robot/__pycache__/PlaybookScannerHelper.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/robot/__pycache__/PlaybookScannerHelper.cpython-39.pyc -------------------------------------------------------------------------------- /.github/tests/robot/soar_robot_utils/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/robot/soar_robot_utils/__init__.py -------------------------------------------------------------------------------- /.github/tests/robot/soar_robot_utils/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/robot/soar_robot_utils/__pycache__/__init__.cpython-39.pyc -------------------------------------------------------------------------------- /.github/tests/robot/soar_robot_utils/__pycache__/playbook_parser.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/robot/soar_robot_utils/__pycache__/playbook_parser.cpython-39.pyc -------------------------------------------------------------------------------- /.github/tests/robot/soar_robot_utils/__pycache__/utils.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/robot/soar_robot_utils/__pycache__/utils.cpython-39.pyc -------------------------------------------------------------------------------- /.github/tests/robot/soar_robot_utils/playbook_parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/robot/soar_robot_utils/playbook_parser.py -------------------------------------------------------------------------------- /.github/tests/robot/soar_robot_utils/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/robot/soar_robot_utils/utils.py -------------------------------------------------------------------------------- /.github/tests/run_on_all_automation_code.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/run_on_all_automation_code.py -------------------------------------------------------------------------------- /.github/tests/run_on_changed_playbooks.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/tests/run_on_changed_playbooks.py -------------------------------------------------------------------------------- /.github/workflows/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.github/workflows/main.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/.gitignore -------------------------------------------------------------------------------- /AD_LDAP_Account_Locking.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AD_LDAP_Account_Locking.json -------------------------------------------------------------------------------- /AD_LDAP_Account_Locking.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AD_LDAP_Account_Locking.png -------------------------------------------------------------------------------- /AD_LDAP_Account_Locking.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AD_LDAP_Account_Locking.py -------------------------------------------------------------------------------- /AD_LDAP_Account_Unlocking.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AD_LDAP_Account_Unlocking.json -------------------------------------------------------------------------------- /AD_LDAP_Account_Unlocking.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AD_LDAP_Account_Unlocking.png -------------------------------------------------------------------------------- /AD_LDAP_Account_Unlocking.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AD_LDAP_Account_Unlocking.py -------------------------------------------------------------------------------- /AD_LDAP_Entity_Attribute_Lookup.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AD_LDAP_Entity_Attribute_Lookup.json -------------------------------------------------------------------------------- /AD_LDAP_Entity_Attribute_Lookup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AD_LDAP_Entity_Attribute_Lookup.png -------------------------------------------------------------------------------- /AD_LDAP_Entity_Attribute_Lookup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AD_LDAP_Entity_Attribute_Lookup.py -------------------------------------------------------------------------------- /AWS_IAM_Account_Locking.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AWS_IAM_Account_Locking.json -------------------------------------------------------------------------------- /AWS_IAM_Account_Locking.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AWS_IAM_Account_Locking.png -------------------------------------------------------------------------------- /AWS_IAM_Account_Locking.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AWS_IAM_Account_Locking.py -------------------------------------------------------------------------------- /AWS_IAM_Account_Unlocking.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AWS_IAM_Account_Unlocking.json -------------------------------------------------------------------------------- /AWS_IAM_Account_Unlocking.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AWS_IAM_Account_Unlocking.png -------------------------------------------------------------------------------- /AWS_IAM_Account_Unlocking.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/AWS_IAM_Account_Unlocking.py -------------------------------------------------------------------------------- /Active_Directory_Disable_Account_Dispatch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Active_Directory_Disable_Account_Dispatch.json -------------------------------------------------------------------------------- /Active_Directory_Disable_Account_Dispatch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Active_Directory_Disable_Account_Dispatch.png -------------------------------------------------------------------------------- /Active_Directory_Disable_Account_Dispatch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Active_Directory_Disable_Account_Dispatch.py -------------------------------------------------------------------------------- /Active_Directory_Enable_Account_Dispatch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Active_Directory_Enable_Account_Dispatch.json -------------------------------------------------------------------------------- /Active_Directory_Enable_Account_Dispatch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Active_Directory_Enable_Account_Dispatch.png -------------------------------------------------------------------------------- /Active_Directory_Enable_Account_Dispatch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Active_Directory_Enable_Account_Dispatch.py -------------------------------------------------------------------------------- /Attribute_Lookup_Dispatch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Attribute_Lookup_Dispatch.json -------------------------------------------------------------------------------- /Attribute_Lookup_Dispatch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Attribute_Lookup_Dispatch.png -------------------------------------------------------------------------------- /Attribute_Lookup_Dispatch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Attribute_Lookup_Dispatch.py -------------------------------------------------------------------------------- /Automated_Enrichment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Automated_Enrichment.json -------------------------------------------------------------------------------- /Automated_Enrichment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Automated_Enrichment.png -------------------------------------------------------------------------------- /Automated_Enrichment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Automated_Enrichment.py -------------------------------------------------------------------------------- /Azure_AD_Account_Locking.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Azure_AD_Account_Locking.json -------------------------------------------------------------------------------- /Azure_AD_Account_Locking.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Azure_AD_Account_Locking.png -------------------------------------------------------------------------------- /Azure_AD_Account_Locking.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Azure_AD_Account_Locking.py -------------------------------------------------------------------------------- /Azure_AD_Account_Unlocking.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Azure_AD_Account_Unlocking.json -------------------------------------------------------------------------------- /Azure_AD_Account_Unlocking.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Azure_AD_Account_Unlocking.png -------------------------------------------------------------------------------- /Azure_AD_Account_Unlocking.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Azure_AD_Account_Unlocking.py -------------------------------------------------------------------------------- /Azure_AD_Graph_User_Attribute_Lookup.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Azure_AD_Graph_User_Attribute_Lookup.json -------------------------------------------------------------------------------- /Azure_AD_Graph_User_Attribute_Lookup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Azure_AD_Graph_User_Attribute_Lookup.png -------------------------------------------------------------------------------- /Azure_AD_Graph_User_Attribute_Lookup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Azure_AD_Graph_User_Attribute_Lookup.py -------------------------------------------------------------------------------- /CiscoTalosIntelligence_Identifier_Reputation_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CiscoTalosIntelligence_Identifier_Reputation_Analysis.json -------------------------------------------------------------------------------- /CiscoTalosIntelligence_Identifier_Reputation_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CiscoTalosIntelligence_Identifier_Reputation_Analysis.png -------------------------------------------------------------------------------- /CiscoTalosIntelligence_Identifier_Reputation_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CiscoTalosIntelligence_Identifier_Reputation_Analysis.py -------------------------------------------------------------------------------- /Cisco_Umbrella_DNS_Denylisting.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Cisco_Umbrella_DNS_Denylisting.json -------------------------------------------------------------------------------- /Cisco_Umbrella_DNS_Denylisting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Cisco_Umbrella_DNS_Denylisting.png -------------------------------------------------------------------------------- /Cisco_Umbrella_DNS_Denylisting.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Cisco_Umbrella_DNS_Denylisting.py -------------------------------------------------------------------------------- /Commvault_Cloud_Disable_Data_Aging.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Commvault_Cloud_Disable_Data_Aging.json -------------------------------------------------------------------------------- /Commvault_Cloud_Disable_Data_Aging.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Commvault_Cloud_Disable_Data_Aging.png -------------------------------------------------------------------------------- /Commvault_Cloud_Disable_Data_Aging.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Commvault_Cloud_Disable_Data_Aging.py -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Device_Attribute_Lookup.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Device_Attribute_Lookup.json -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Device_Attribute_Lookup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Device_Attribute_Lookup.png -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Device_Attribute_Lookup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Device_Attribute_Lookup.py -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Dynamic_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Dynamic_Analysis.json -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Dynamic_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Dynamic_Analysis.png -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Dynamic_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Dynamic_Analysis.py -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Endpoint_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Endpoint_Analysis.json -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Endpoint_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Endpoint_Analysis.png -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Endpoint_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Endpoint_Analysis.py -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Executable_Denylisting.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Executable_Denylisting.json -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Executable_Denylisting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Executable_Denylisting.png -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Executable_Denylisting.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Executable_Denylisting.py -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_File_Collection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_File_Collection.json -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_File_Collection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_File_Collection.png -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_File_Collection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_File_Collection.py -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_File_Eviction.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_File_Eviction.json -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_File_Eviction.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_File_Eviction.png -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_File_Eviction.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_File_Eviction.py -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_File_Restore.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_File_Restore.json -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_File_Restore.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_File_Restore.png -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_File_Restore.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_File_Restore.py -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Get_Device_Info.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Get_Device_Info.json -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Get_Device_Info.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Get_Device_Info.png -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Get_Device_Info.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Get_Device_Info.py -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Identifier_Activity_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Identifier_Activity_Analysis.json -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Identifier_Activity_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Identifier_Activity_Analysis.png -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Identifier_Activity_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Identifier_Activity_Analysis.py -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Network_Isolation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Network_Isolation.json -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Network_Isolation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Network_Isolation.png -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Network_Isolation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Network_Isolation.py -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Network_Restore.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Network_Restore.json -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Network_Restore.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Network_Restore.png -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Network_Restore.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Network_Restore.py -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Process_Termination.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Process_Termination.json -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Process_Termination.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Process_Termination.png -------------------------------------------------------------------------------- /CrowdStrike_OAuth_API_Process_Termination.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/CrowdStrike_OAuth_API_Process_Termination.py -------------------------------------------------------------------------------- /Crowdstrike_Endpoint_IOC_Enrichment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Crowdstrike_Endpoint_IOC_Enrichment.json -------------------------------------------------------------------------------- /Crowdstrike_Endpoint_IOC_Enrichment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Crowdstrike_Endpoint_IOC_Enrichment.png -------------------------------------------------------------------------------- /Crowdstrike_Endpoint_IOC_Enrichment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Crowdstrike_Endpoint_IOC_Enrichment.py -------------------------------------------------------------------------------- /Crowdstrike_Endpoint_Quarantine_Response.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Crowdstrike_Endpoint_Quarantine_Response.json -------------------------------------------------------------------------------- /Crowdstrike_Endpoint_Quarantine_Response.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Crowdstrike_Endpoint_Quarantine_Response.png -------------------------------------------------------------------------------- /Crowdstrike_Endpoint_Quarantine_Response.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Crowdstrike_Endpoint_Quarantine_Response.py -------------------------------------------------------------------------------- /DNS_Denylisting_Dispatch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/DNS_Denylisting_Dispatch.json -------------------------------------------------------------------------------- /DNS_Denylisting_Dispatch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/DNS_Denylisting_Dispatch.png -------------------------------------------------------------------------------- /DNS_Denylisting_Dispatch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/DNS_Denylisting_Dispatch.py -------------------------------------------------------------------------------- /Dynamic_Analysis_Dispatch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Dynamic_Analysis_Dispatch.json -------------------------------------------------------------------------------- /Dynamic_Analysis_Dispatch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Dynamic_Analysis_Dispatch.png -------------------------------------------------------------------------------- /Dynamic_Analysis_Dispatch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Dynamic_Analysis_Dispatch.py -------------------------------------------------------------------------------- /G_Suite_for_GMail_Message_Identifier_Activity_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/G_Suite_for_GMail_Message_Identifier_Activity_Analysis.json -------------------------------------------------------------------------------- /G_Suite_for_GMail_Message_Identifier_Activity_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/G_Suite_for_GMail_Message_Identifier_Activity_Analysis.png -------------------------------------------------------------------------------- /G_Suite_for_GMail_Message_Identifier_Activity_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/G_Suite_for_GMail_Message_Identifier_Activity_Analysis.py -------------------------------------------------------------------------------- /G_Suite_for_Gmail_Message_Eviction.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/G_Suite_for_Gmail_Message_Eviction.json -------------------------------------------------------------------------------- /G_Suite_for_Gmail_Message_Eviction.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/G_Suite_for_Gmail_Message_Eviction.png -------------------------------------------------------------------------------- /G_Suite_for_Gmail_Message_Eviction.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/G_Suite_for_Gmail_Message_Eviction.py -------------------------------------------------------------------------------- /G_Suite_for_Gmail_Search_and_Purge.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/G_Suite_for_Gmail_Search_and_Purge.json -------------------------------------------------------------------------------- /G_Suite_for_Gmail_Search_and_Purge.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/G_Suite_for_Gmail_Search_and_Purge.png -------------------------------------------------------------------------------- /G_Suite_for_Gmail_Search_and_Purge.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/G_Suite_for_Gmail_Search_and_Purge.py -------------------------------------------------------------------------------- /Identifier_Activity_Analysis_Dispatch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Identifier_Activity_Analysis_Dispatch.json -------------------------------------------------------------------------------- /Identifier_Activity_Analysis_Dispatch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Identifier_Activity_Analysis_Dispatch.png -------------------------------------------------------------------------------- /Identifier_Activity_Analysis_Dispatch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Identifier_Activity_Analysis_Dispatch.py -------------------------------------------------------------------------------- /Identifier_Reputation_Analysis_Dispatch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Identifier_Reputation_Analysis_Dispatch.json -------------------------------------------------------------------------------- /Identifier_Reputation_Analysis_Dispatch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Identifier_Reputation_Analysis_Dispatch.png -------------------------------------------------------------------------------- /Identifier_Reputation_Analysis_Dispatch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Identifier_Reputation_Analysis_Dispatch.py -------------------------------------------------------------------------------- /Jira_Related_Tickets_Search.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Jira_Related_Tickets_Search.json -------------------------------------------------------------------------------- /Jira_Related_Tickets_Search.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Jira_Related_Tickets_Search.png -------------------------------------------------------------------------------- /Jira_Related_Tickets_Search.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Jira_Related_Tickets_Search.py -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/LICENSE -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Message_Eviction.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Message_Eviction.json -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Message_Eviction.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Message_Eviction.png -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Message_Eviction.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Message_Eviction.py -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Message_Identifier_Activity_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Message_Identifier_Activity_Analysis.json -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Message_Identifier_Activity_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Message_Identifier_Activity_Analysis.png -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Message_Identifier_Activity_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Message_Identifier_Activity_Analysis.py -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Message_Restore.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Message_Restore.json -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Message_Restore.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Message_Restore.png -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Message_Restore.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Message_Restore.py -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Search_and_Purge.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Search_and_Purge.json -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Search_and_Purge.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Search_and_Purge.png -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Search_and_Purge.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Search_and_Purge.py -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Search_and_Restore.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Search_and_Restore.json -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Search_and_Restore.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Search_and_Restore.png -------------------------------------------------------------------------------- /MS_Graph_for_Office_365_Search_and_Restore.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/MS_Graph_for_Office_365_Search_and_Restore.py -------------------------------------------------------------------------------- /Microsoft_Defender_For_Endpoint_Network_Isolation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Microsoft_Defender_For_Endpoint_Network_Isolation.json -------------------------------------------------------------------------------- /Microsoft_Defender_For_Endpoint_Network_Isolation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Microsoft_Defender_For_Endpoint_Network_Isolation.png -------------------------------------------------------------------------------- /Microsoft_Defender_For_Endpoint_Network_Isolation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Microsoft_Defender_For_Endpoint_Network_Isolation.py -------------------------------------------------------------------------------- /Microsoft_Defender_For_Endpoint_Network_Restore.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Microsoft_Defender_For_Endpoint_Network_Restore.json -------------------------------------------------------------------------------- /Microsoft_Defender_For_Endpoint_Network_Restore.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Microsoft_Defender_For_Endpoint_Network_Restore.png -------------------------------------------------------------------------------- /Microsoft_Defender_For_Endpoint_Network_Restore.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Microsoft_Defender_For_Endpoint_Network_Restore.py -------------------------------------------------------------------------------- /Mission_Control_Attribute_Lookup.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Mission_Control_Attribute_Lookup.json -------------------------------------------------------------------------------- /Mission_Control_Attribute_Lookup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Mission_Control_Attribute_Lookup.png -------------------------------------------------------------------------------- /Mission_Control_Attribute_Lookup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Mission_Control_Attribute_Lookup.py -------------------------------------------------------------------------------- /Mission_Control_Automated_Enrichment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Mission_Control_Automated_Enrichment.json -------------------------------------------------------------------------------- /Mission_Control_Automated_Enrichment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Mission_Control_Automated_Enrichment.png -------------------------------------------------------------------------------- /Mission_Control_Automated_Enrichment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Mission_Control_Automated_Enrichment.py -------------------------------------------------------------------------------- /Mission_Control_Identifier_Reputation_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Mission_Control_Identifier_Reputation_Analysis.json -------------------------------------------------------------------------------- /Mission_Control_Identifier_Reputation_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Mission_Control_Identifier_Reputation_Analysis.png -------------------------------------------------------------------------------- /Mission_Control_Identifier_Reputation_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Mission_Control_Identifier_Reputation_Analysis.py -------------------------------------------------------------------------------- /Mission_Control_Related_Tickets_Search.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Mission_Control_Related_Tickets_Search.json -------------------------------------------------------------------------------- /Mission_Control_Related_Tickets_Search.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Mission_Control_Related_Tickets_Search.png -------------------------------------------------------------------------------- /Mission_Control_Related_Tickets_Search.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Mission_Control_Related_Tickets_Search.py -------------------------------------------------------------------------------- /Panorama_Outbound_Traffic_Filtering.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Panorama_Outbound_Traffic_Filtering.json -------------------------------------------------------------------------------- /Panorama_Outbound_Traffic_Filtering.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Panorama_Outbound_Traffic_Filtering.png -------------------------------------------------------------------------------- /Panorama_Outbound_Traffic_Filtering.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Panorama_Outbound_Traffic_Filtering.py -------------------------------------------------------------------------------- /PhishTank_URL_Reputation_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/PhishTank_URL_Reputation_Analysis.json -------------------------------------------------------------------------------- /PhishTank_URL_Reputation_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/PhishTank_URL_Reputation_Analysis.png -------------------------------------------------------------------------------- /PhishTank_URL_Reputation_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/PhishTank_URL_Reputation_Analysis.py -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/README.md -------------------------------------------------------------------------------- /Related_Tickets_Search_Dispatch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Related_Tickets_Search_Dispatch.json -------------------------------------------------------------------------------- /Related_Tickets_Search_Dispatch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Related_Tickets_Search_Dispatch.png -------------------------------------------------------------------------------- /Related_Tickets_Search_Dispatch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Related_Tickets_Search_Dispatch.py -------------------------------------------------------------------------------- /ReversingLabs_Reported_Email_Triage.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ReversingLabs_Reported_Email_Triage.json -------------------------------------------------------------------------------- /ReversingLabs_Reported_Email_Triage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ReversingLabs_Reported_Email_Triage.png -------------------------------------------------------------------------------- /ReversingLabs_Reported_Email_Triage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ReversingLabs_Reported_Email_Triage.py -------------------------------------------------------------------------------- /ReversingLabs_TitaniumCloud_File_Reputation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ReversingLabs_TitaniumCloud_File_Reputation.json -------------------------------------------------------------------------------- /ReversingLabs_TitaniumCloud_File_Reputation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ReversingLabs_TitaniumCloud_File_Reputation.png -------------------------------------------------------------------------------- /ReversingLabs_TitaniumCloud_File_Reputation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ReversingLabs_TitaniumCloud_File_Reputation.py -------------------------------------------------------------------------------- /ReversingLabs_TitaniumCloud_URL_Reputation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ReversingLabs_TitaniumCloud_URL_Reputation.json -------------------------------------------------------------------------------- /ReversingLabs_TitaniumCloud_URL_Reputation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ReversingLabs_TitaniumCloud_URL_Reputation.png -------------------------------------------------------------------------------- /ReversingLabs_TitaniumCloud_URL_Reputation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ReversingLabs_TitaniumCloud_URL_Reputation.py -------------------------------------------------------------------------------- /ReversingLabs_TitaniumScale_File_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ReversingLabs_TitaniumScale_File_Analysis.json -------------------------------------------------------------------------------- /ReversingLabs_TitaniumScale_File_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ReversingLabs_TitaniumScale_File_Analysis.png -------------------------------------------------------------------------------- /ReversingLabs_TitaniumScale_File_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ReversingLabs_TitaniumScale_File_Analysis.py -------------------------------------------------------------------------------- /ServiceNow_Create_Incident.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Create_Incident.json -------------------------------------------------------------------------------- /ServiceNow_Create_Incident.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Create_Incident.png -------------------------------------------------------------------------------- /ServiceNow_Create_Incident.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Create_Incident.py -------------------------------------------------------------------------------- /ServiceNow_Create_Incident_Es.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Create_Incident_Es.json -------------------------------------------------------------------------------- /ServiceNow_Create_Incident_Es.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Create_Incident_Es.png -------------------------------------------------------------------------------- /ServiceNow_Create_Incident_Es.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Create_Incident_Es.py -------------------------------------------------------------------------------- /ServiceNow_Query_Incidents.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Query_Incidents.json -------------------------------------------------------------------------------- /ServiceNow_Query_Incidents.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Query_Incidents.png -------------------------------------------------------------------------------- /ServiceNow_Query_Incidents.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Query_Incidents.py -------------------------------------------------------------------------------- /ServiceNow_Related_Tickets_Search.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Related_Tickets_Search.json -------------------------------------------------------------------------------- /ServiceNow_Related_Tickets_Search.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Related_Tickets_Search.png -------------------------------------------------------------------------------- /ServiceNow_Related_Tickets_Search.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Related_Tickets_Search.py -------------------------------------------------------------------------------- /ServiceNow_Update_Incident.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Update_Incident.json -------------------------------------------------------------------------------- /ServiceNow_Update_Incident.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Update_Incident.png -------------------------------------------------------------------------------- /ServiceNow_Update_Incident.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Update_Incident.py -------------------------------------------------------------------------------- /ServiceNow_Update_Incident_Notes.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Update_Incident_Notes.json -------------------------------------------------------------------------------- /ServiceNow_Update_Incident_Notes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Update_Incident_Notes.png -------------------------------------------------------------------------------- /ServiceNow_Update_Incident_Notes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ServiceNow_Update_Incident_Notes.py -------------------------------------------------------------------------------- /Splunk_Attack_Analyzer_Dynamic_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Attack_Analyzer_Dynamic_Analysis.json -------------------------------------------------------------------------------- /Splunk_Attack_Analyzer_Dynamic_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Attack_Analyzer_Dynamic_Analysis.png -------------------------------------------------------------------------------- /Splunk_Attack_Analyzer_Dynamic_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Attack_Analyzer_Dynamic_Analysis.py -------------------------------------------------------------------------------- /Splunk_Automated_Email_Investigation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Automated_Email_Investigation.json -------------------------------------------------------------------------------- /Splunk_Automated_Email_Investigation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Automated_Email_Investigation.png -------------------------------------------------------------------------------- /Splunk_Automated_Email_Investigation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Automated_Email_Investigation.py -------------------------------------------------------------------------------- /Splunk_Identifier_Activity_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Identifier_Activity_Analysis.json -------------------------------------------------------------------------------- /Splunk_Identifier_Activity_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Identifier_Activity_Analysis.png -------------------------------------------------------------------------------- /Splunk_Identifier_Activity_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Identifier_Activity_Analysis.py -------------------------------------------------------------------------------- /Splunk_Message_Identifier_Activity_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Message_Identifier_Activity_Analysis.json -------------------------------------------------------------------------------- /Splunk_Message_Identifier_Activity_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Message_Identifier_Activity_Analysis.png -------------------------------------------------------------------------------- /Splunk_Message_Identifier_Activity_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Message_Identifier_Activity_Analysis.py -------------------------------------------------------------------------------- /Splunk_Notable_Related_Tickets_Search.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Notable_Related_Tickets_Search.json -------------------------------------------------------------------------------- /Splunk_Notable_Related_Tickets_Search.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Notable_Related_Tickets_Search.png -------------------------------------------------------------------------------- /Splunk_Notable_Related_Tickets_Search.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Splunk_Notable_Related_Tickets_Search.py -------------------------------------------------------------------------------- /URL_Outbound_Traffic_Filtering_Dispatch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/URL_Outbound_Traffic_Filtering_Dispatch.json -------------------------------------------------------------------------------- /URL_Outbound_Traffic_Filtering_Dispatch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/URL_Outbound_Traffic_Filtering_Dispatch.png -------------------------------------------------------------------------------- /URL_Outbound_Traffic_Filtering_Dispatch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/URL_Outbound_Traffic_Filtering_Dispatch.py -------------------------------------------------------------------------------- /UrlScan_IO_Dynamic_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/UrlScan_IO_Dynamic_Analysis.json -------------------------------------------------------------------------------- /UrlScan_IO_Dynamic_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/UrlScan_IO_Dynamic_Analysis.png -------------------------------------------------------------------------------- /UrlScan_IO_Dynamic_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/UrlScan_IO_Dynamic_Analysis.py -------------------------------------------------------------------------------- /VirusTotal_v3_Dynamic_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/VirusTotal_v3_Dynamic_Analysis.json -------------------------------------------------------------------------------- /VirusTotal_v3_Dynamic_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/VirusTotal_v3_Dynamic_Analysis.png -------------------------------------------------------------------------------- /VirusTotal_v3_Dynamic_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/VirusTotal_v3_Dynamic_Analysis.py -------------------------------------------------------------------------------- /VirusTotal_v3_Identifier_Reputation_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/VirusTotal_v3_Identifier_Reputation_Analysis.json -------------------------------------------------------------------------------- /VirusTotal_v3_Identifier_Reputation_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/VirusTotal_v3_Identifier_Reputation_Analysis.png -------------------------------------------------------------------------------- /VirusTotal_v3_Identifier_Reputation_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/VirusTotal_v3_Identifier_Reputation_Analysis.py -------------------------------------------------------------------------------- /Windows_Defender_ATP_Identifier_Activity_Analysis.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Windows_Defender_ATP_Identifier_Activity_Analysis.json -------------------------------------------------------------------------------- /Windows_Defender_ATP_Identifier_Activity_Analysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Windows_Defender_ATP_Identifier_Activity_Analysis.png -------------------------------------------------------------------------------- /Windows_Defender_ATP_Identifier_Activity_Analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Windows_Defender_ATP_Identifier_Activity_Analysis.py -------------------------------------------------------------------------------- /Zscaler_Outbound_Traffic_Filtering.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Zscaler_Outbound_Traffic_Filtering.json -------------------------------------------------------------------------------- /Zscaler_Outbound_Traffic_Filtering.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Zscaler_Outbound_Traffic_Filtering.png -------------------------------------------------------------------------------- /Zscaler_Outbound_Traffic_Filtering.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/Zscaler_Outbound_Traffic_Filtering.py -------------------------------------------------------------------------------- /activedirectory_reset_password.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/activedirectory_reset_password.json -------------------------------------------------------------------------------- /activedirectory_reset_password.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/activedirectory_reset_password.png -------------------------------------------------------------------------------- /activedirectory_reset_password.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/activedirectory_reset_password.py -------------------------------------------------------------------------------- /advanced_playbook_tutorial.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/advanced_playbook_tutorial.json -------------------------------------------------------------------------------- /advanced_playbook_tutorial.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/advanced_playbook_tutorial.png -------------------------------------------------------------------------------- /advanced_playbook_tutorial.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/advanced_playbook_tutorial.py -------------------------------------------------------------------------------- /alert_deescalation_for_test_machines.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/alert_deescalation_for_test_machines.json -------------------------------------------------------------------------------- /alert_deescalation_for_test_machines.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/alert_deescalation_for_test_machines.png -------------------------------------------------------------------------------- /alert_deescalation_for_test_machines.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/alert_deescalation_for_test_machines.py -------------------------------------------------------------------------------- /alert_escalation_for_attacked_executives.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/alert_escalation_for_attacked_executives.json -------------------------------------------------------------------------------- /alert_escalation_for_attacked_executives.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/alert_escalation_for_attacked_executives.png -------------------------------------------------------------------------------- /alert_escalation_for_attacked_executives.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/alert_escalation_for_attacked_executives.py -------------------------------------------------------------------------------- /aws_disable_user_accounts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/aws_disable_user_accounts.json -------------------------------------------------------------------------------- /aws_disable_user_accounts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/aws_disable_user_accounts.png -------------------------------------------------------------------------------- /aws_disable_user_accounts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/aws_disable_user_accounts.py -------------------------------------------------------------------------------- /aws_find_inactive_users.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/aws_find_inactive_users.json -------------------------------------------------------------------------------- /aws_find_inactive_users.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/aws_find_inactive_users.png -------------------------------------------------------------------------------- /aws_find_inactive_users.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/aws_find_inactive_users.py -------------------------------------------------------------------------------- /azure_new_user_census.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/azure_new_user_census.json -------------------------------------------------------------------------------- /azure_new_user_census.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/azure_new_user_census.png -------------------------------------------------------------------------------- /azure_new_user_census.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/azure_new_user_census.py -------------------------------------------------------------------------------- /corelight_investigate_dns_alert.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/corelight_investigate_dns_alert.json -------------------------------------------------------------------------------- /corelight_investigate_dns_alert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/corelight_investigate_dns_alert.png -------------------------------------------------------------------------------- /corelight_investigate_dns_alert.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/corelight_investigate_dns_alert.py -------------------------------------------------------------------------------- /create_ticket.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/create_ticket.json -------------------------------------------------------------------------------- /create_ticket.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/create_ticket.png -------------------------------------------------------------------------------- /create_ticket.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/create_ticket.py -------------------------------------------------------------------------------- /crowdstrike_malware_triage.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/crowdstrike_malware_triage.json -------------------------------------------------------------------------------- /crowdstrike_malware_triage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/crowdstrike_malware_triage.png -------------------------------------------------------------------------------- /crowdstrike_malware_triage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/crowdstrike_malware_triage.py -------------------------------------------------------------------------------- /custom_functions/artifact_create.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/artifact_create.json -------------------------------------------------------------------------------- /custom_functions/artifact_create.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/artifact_create.py -------------------------------------------------------------------------------- /custom_functions/artifact_update.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/artifact_update.json -------------------------------------------------------------------------------- /custom_functions/artifact_update.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/artifact_update.py -------------------------------------------------------------------------------- /custom_functions/asset_get_attributes.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/asset_get_attributes.json -------------------------------------------------------------------------------- /custom_functions/asset_get_attributes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/asset_get_attributes.py -------------------------------------------------------------------------------- /custom_functions/base64_decode.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/base64_decode.json -------------------------------------------------------------------------------- /custom_functions/base64_decode.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/base64_decode.py -------------------------------------------------------------------------------- /custom_functions/collect_by_cef_type.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/collect_by_cef_type.json -------------------------------------------------------------------------------- /custom_functions/collect_by_cef_type.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/collect_by_cef_type.py -------------------------------------------------------------------------------- /custom_functions/comment_list.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/comment_list.json -------------------------------------------------------------------------------- /custom_functions/comment_list.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/comment_list.py -------------------------------------------------------------------------------- /custom_functions/container_merge.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/container_merge.json -------------------------------------------------------------------------------- /custom_functions/container_merge.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/container_merge.py -------------------------------------------------------------------------------- /custom_functions/container_update.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/container_update.json -------------------------------------------------------------------------------- /custom_functions/container_update.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/container_update.py -------------------------------------------------------------------------------- /custom_functions/custom_list_enumerate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/custom_list_enumerate.json -------------------------------------------------------------------------------- /custom_functions/custom_list_enumerate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/custom_list_enumerate.py -------------------------------------------------------------------------------- /custom_functions/custom_list_value_in_strings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/custom_list_value_in_strings.json -------------------------------------------------------------------------------- /custom_functions/custom_list_value_in_strings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/custom_list_value_in_strings.py -------------------------------------------------------------------------------- /custom_functions/datetime_modify.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/datetime_modify.json -------------------------------------------------------------------------------- /custom_functions/datetime_modify.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/datetime_modify.py -------------------------------------------------------------------------------- /custom_functions/debug.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/debug.json -------------------------------------------------------------------------------- /custom_functions/debug.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/debug.py -------------------------------------------------------------------------------- /custom_functions/find_related_containers.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/find_related_containers.json -------------------------------------------------------------------------------- /custom_functions/find_related_containers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/find_related_containers.py -------------------------------------------------------------------------------- /custom_functions/indicator_collect.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/indicator_collect.json -------------------------------------------------------------------------------- /custom_functions/indicator_collect.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/indicator_collect.py -------------------------------------------------------------------------------- /custom_functions/indicator_get_by_tag.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/indicator_get_by_tag.json -------------------------------------------------------------------------------- /custom_functions/indicator_get_by_tag.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/indicator_get_by_tag.py -------------------------------------------------------------------------------- /custom_functions/indicator_remove_tag.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/indicator_remove_tag.json -------------------------------------------------------------------------------- /custom_functions/indicator_remove_tag.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/indicator_remove_tag.py -------------------------------------------------------------------------------- /custom_functions/indicator_tag.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/indicator_tag.json -------------------------------------------------------------------------------- /custom_functions/indicator_tag.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/indicator_tag.py -------------------------------------------------------------------------------- /custom_functions/json_safe_format.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/json_safe_format.json -------------------------------------------------------------------------------- /custom_functions/json_safe_format.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/json_safe_format.py -------------------------------------------------------------------------------- /custom_functions/list_deduplicate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/list_deduplicate.json -------------------------------------------------------------------------------- /custom_functions/list_deduplicate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/list_deduplicate.py -------------------------------------------------------------------------------- /custom_functions/list_demux.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/list_demux.json -------------------------------------------------------------------------------- /custom_functions/list_demux.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/list_demux.py -------------------------------------------------------------------------------- /custom_functions/list_drop_none.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/list_drop_none.json -------------------------------------------------------------------------------- /custom_functions/list_drop_none.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/list_drop_none.py -------------------------------------------------------------------------------- /custom_functions/list_merge.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/list_merge.json -------------------------------------------------------------------------------- /custom_functions/list_merge.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/list_merge.py -------------------------------------------------------------------------------- /custom_functions/list_zip.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/list_zip.json -------------------------------------------------------------------------------- /custom_functions/list_zip.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/list_zip.py -------------------------------------------------------------------------------- /custom_functions/mark_evidence.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/mark_evidence.json -------------------------------------------------------------------------------- /custom_functions/mark_evidence.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/mark_evidence.py -------------------------------------------------------------------------------- /custom_functions/noop.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/noop.json -------------------------------------------------------------------------------- /custom_functions/noop.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/noop.py -------------------------------------------------------------------------------- /custom_functions/passthrough.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/passthrough.json -------------------------------------------------------------------------------- /custom_functions/passthrough.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/passthrough.py -------------------------------------------------------------------------------- /custom_functions/playbooks_list.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/playbooks_list.json -------------------------------------------------------------------------------- /custom_functions/playbooks_list.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/playbooks_list.py -------------------------------------------------------------------------------- /custom_functions/regex_extract_email.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/regex_extract_email.json -------------------------------------------------------------------------------- /custom_functions/regex_extract_email.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/regex_extract_email.py -------------------------------------------------------------------------------- /custom_functions/regex_extract_ipv4.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/regex_extract_ipv4.json -------------------------------------------------------------------------------- /custom_functions/regex_extract_ipv4.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/regex_extract_ipv4.py -------------------------------------------------------------------------------- /custom_functions/regex_extract_url.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/regex_extract_url.json -------------------------------------------------------------------------------- /custom_functions/regex_extract_url.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/regex_extract_url.py -------------------------------------------------------------------------------- /custom_functions/regex_filter_list.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/regex_filter_list.json -------------------------------------------------------------------------------- /custom_functions/regex_filter_list.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/regex_filter_list.py -------------------------------------------------------------------------------- /custom_functions/regex_split.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/regex_split.json -------------------------------------------------------------------------------- /custom_functions/regex_split.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/regex_split.py -------------------------------------------------------------------------------- /custom_functions/string_epoch_to_timestamp.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/string_epoch_to_timestamp.json -------------------------------------------------------------------------------- /custom_functions/string_epoch_to_timestamp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/string_epoch_to_timestamp.py -------------------------------------------------------------------------------- /custom_functions/string_remove_crlf.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/string_remove_crlf.json -------------------------------------------------------------------------------- /custom_functions/string_remove_crlf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/string_remove_crlf.py -------------------------------------------------------------------------------- /custom_functions/string_split.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/string_split.json -------------------------------------------------------------------------------- /custom_functions/string_split.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/string_split.py -------------------------------------------------------------------------------- /custom_functions/string_to_lowercase.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/string_to_lowercase.json -------------------------------------------------------------------------------- /custom_functions/string_to_lowercase.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/string_to_lowercase.py -------------------------------------------------------------------------------- /custom_functions/string_to_uppercase.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/string_to_uppercase.json -------------------------------------------------------------------------------- /custom_functions/string_to_uppercase.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/string_to_uppercase.py -------------------------------------------------------------------------------- /custom_functions/string_uri_decode.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/string_uri_decode.json -------------------------------------------------------------------------------- /custom_functions/string_uri_decode.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/string_uri_decode.py -------------------------------------------------------------------------------- /custom_functions/url_parse.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/url_parse.json -------------------------------------------------------------------------------- /custom_functions/url_parse.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/url_parse.py -------------------------------------------------------------------------------- /custom_functions/vault_copy_or_move.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/vault_copy_or_move.json -------------------------------------------------------------------------------- /custom_functions/vault_copy_or_move.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/vault_copy_or_move.py -------------------------------------------------------------------------------- /custom_functions/vault_list.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/vault_list.json -------------------------------------------------------------------------------- /custom_functions/vault_list.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/vault_list.py -------------------------------------------------------------------------------- /custom_functions/workbook_add.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/workbook_add.json -------------------------------------------------------------------------------- /custom_functions/workbook_add.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/workbook_add.py -------------------------------------------------------------------------------- /custom_functions/workbook_list.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/workbook_list.json -------------------------------------------------------------------------------- /custom_functions/workbook_list.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/workbook_list.py -------------------------------------------------------------------------------- /custom_functions/workbook_task_update.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/workbook_task_update.json -------------------------------------------------------------------------------- /custom_functions/workbook_task_update.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/workbook_task_update.py -------------------------------------------------------------------------------- /custom_functions/zip_extract.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/zip_extract.json -------------------------------------------------------------------------------- /custom_functions/zip_extract.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/custom_functions/zip_extract.py -------------------------------------------------------------------------------- /customer_firewall_request_handle_artifact.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/customer_firewall_request_handle_artifact.json -------------------------------------------------------------------------------- /customer_firewall_request_handle_artifact.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/customer_firewall_request_handle_artifact.png -------------------------------------------------------------------------------- /customer_firewall_request_handle_artifact.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/customer_firewall_request_handle_artifact.py -------------------------------------------------------------------------------- /customer_firewall_request_parse_csv.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/customer_firewall_request_parse_csv.json -------------------------------------------------------------------------------- /customer_firewall_request_parse_csv.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/customer_firewall_request_parse_csv.png -------------------------------------------------------------------------------- /customer_firewall_request_parse_csv.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/customer_firewall_request_parse_csv.py -------------------------------------------------------------------------------- /delete_detected_files.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/delete_detected_files.json -------------------------------------------------------------------------------- /delete_detected_files.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/delete_detected_files.png -------------------------------------------------------------------------------- /delete_detected_files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/delete_detected_files.py -------------------------------------------------------------------------------- /dispatch_input_playbooks.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/dispatch_input_playbooks.json -------------------------------------------------------------------------------- /dispatch_input_playbooks.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/dispatch_input_playbooks.png -------------------------------------------------------------------------------- /dispatch_input_playbooks.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/dispatch_input_playbooks.py -------------------------------------------------------------------------------- /dns_hijack_enrichment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/dns_hijack_enrichment.json -------------------------------------------------------------------------------- /dns_hijack_enrichment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/dns_hijack_enrichment.png -------------------------------------------------------------------------------- /dns_hijack_enrichment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/dns_hijack_enrichment.py -------------------------------------------------------------------------------- /domain_block_umbrella.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/domain_block_umbrella.json -------------------------------------------------------------------------------- /domain_block_umbrella.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/domain_block_umbrella.png -------------------------------------------------------------------------------- /domain_block_umbrella.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/domain_block_umbrella.py -------------------------------------------------------------------------------- /domain_investigate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/domain_investigate.json -------------------------------------------------------------------------------- /domain_investigate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/domain_investigate.png -------------------------------------------------------------------------------- /domain_investigate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/domain_investigate.py -------------------------------------------------------------------------------- /ec2_instance_investigation_and_notification.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ec2_instance_investigation_and_notification.json -------------------------------------------------------------------------------- /ec2_instance_investigation_and_notification.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ec2_instance_investigation_and_notification.png -------------------------------------------------------------------------------- /ec2_instance_investigation_and_notification.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ec2_instance_investigation_and_notification.py -------------------------------------------------------------------------------- /ec2_instance_isolation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ec2_instance_isolation.json -------------------------------------------------------------------------------- /ec2_instance_isolation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ec2_instance_isolation.png -------------------------------------------------------------------------------- /ec2_instance_isolation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ec2_instance_isolation.py -------------------------------------------------------------------------------- /email_notification_for_malware.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/email_notification_for_malware.json -------------------------------------------------------------------------------- /email_notification_for_malware.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/email_notification_for_malware.png -------------------------------------------------------------------------------- /email_notification_for_malware.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/email_notification_for_malware.py -------------------------------------------------------------------------------- /endace_splunk_search_download_pcap.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/endace_splunk_search_download_pcap.json -------------------------------------------------------------------------------- /endace_splunk_search_download_pcap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/endace_splunk_search_download_pcap.png -------------------------------------------------------------------------------- /endace_splunk_search_download_pcap.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/endace_splunk_search_download_pcap.py -------------------------------------------------------------------------------- /excessive_account_lockouts_enrichment_and_response.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/excessive_account_lockouts_enrichment_and_response.json -------------------------------------------------------------------------------- /excessive_account_lockouts_enrichment_and_response.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/excessive_account_lockouts_enrichment_and_response.png -------------------------------------------------------------------------------- /excessive_account_lockouts_enrichment_and_response.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/excessive_account_lockouts_enrichment_and_response.py -------------------------------------------------------------------------------- /extrahop_detect_data_exfiltration.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/extrahop_detect_data_exfiltration.json -------------------------------------------------------------------------------- /extrahop_detect_data_exfiltration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/extrahop_detect_data_exfiltration.png -------------------------------------------------------------------------------- /extrahop_detect_data_exfiltration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/extrahop_detect_data_exfiltration.py -------------------------------------------------------------------------------- /extrahop_externally_accessible_databases.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/extrahop_externally_accessible_databases.json -------------------------------------------------------------------------------- /extrahop_externally_accessible_databases.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/extrahop_externally_accessible_databases.png -------------------------------------------------------------------------------- /extrahop_externally_accessible_databases.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/extrahop_externally_accessible_databases.py -------------------------------------------------------------------------------- /extrahop_new_dns_servers.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/extrahop_new_dns_servers.json -------------------------------------------------------------------------------- /extrahop_new_dns_servers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/extrahop_new_dns_servers.png -------------------------------------------------------------------------------- /extrahop_new_dns_servers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/extrahop_new_dns_servers.py -------------------------------------------------------------------------------- /gcp_unusual_serviceaccount_usage.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/gcp_unusual_serviceaccount_usage.json -------------------------------------------------------------------------------- /gcp_unusual_serviceaccount_usage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/gcp_unusual_serviceaccount_usage.png -------------------------------------------------------------------------------- /gcp_unusual_serviceaccount_usage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/gcp_unusual_serviceaccount_usage.py -------------------------------------------------------------------------------- /greynoise_gnql_enrichment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/greynoise_gnql_enrichment.json -------------------------------------------------------------------------------- /greynoise_gnql_enrichment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/greynoise_gnql_enrichment.png -------------------------------------------------------------------------------- /greynoise_gnql_enrichment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/greynoise_gnql_enrichment.py -------------------------------------------------------------------------------- /greynoise_ip_enrichment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/greynoise_ip_enrichment.json -------------------------------------------------------------------------------- /greynoise_ip_enrichment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/greynoise_ip_enrichment.png -------------------------------------------------------------------------------- /greynoise_ip_enrichment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/greynoise_ip_enrichment.py -------------------------------------------------------------------------------- /greynoise_on_poll_set_severity.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/greynoise_on_poll_set_severity.json -------------------------------------------------------------------------------- /greynoise_on_poll_set_severity.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/greynoise_on_poll_set_severity.png -------------------------------------------------------------------------------- /greynoise_on_poll_set_severity.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/greynoise_on_poll_set_severity.py -------------------------------------------------------------------------------- /greynoise_update_severity_from_ip_reputation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/greynoise_update_severity_from_ip_reputation.json -------------------------------------------------------------------------------- /greynoise_update_severity_from_ip_reputation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/greynoise_update_severity_from_ip_reputation.png -------------------------------------------------------------------------------- /greynoise_update_severity_from_ip_reputation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/greynoise_update_severity_from_ip_reputation.py -------------------------------------------------------------------------------- /host_quarantine_crowdstrike.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/host_quarantine_crowdstrike.json -------------------------------------------------------------------------------- /host_quarantine_crowdstrike.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/host_quarantine_crowdstrike.png -------------------------------------------------------------------------------- /host_quarantine_crowdstrike.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/host_quarantine_crowdstrike.py -------------------------------------------------------------------------------- /intelligence_management_enrich_indicators.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/intelligence_management_enrich_indicators.json -------------------------------------------------------------------------------- /intelligence_management_enrich_indicators.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/intelligence_management_enrich_indicators.png -------------------------------------------------------------------------------- /intelligence_management_enrich_indicators.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/intelligence_management_enrich_indicators.py -------------------------------------------------------------------------------- /internal_host_splunk_investigate_log4j.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_splunk_investigate_log4j.json -------------------------------------------------------------------------------- /internal_host_splunk_investigate_log4j.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_splunk_investigate_log4j.png -------------------------------------------------------------------------------- /internal_host_splunk_investigate_log4j.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_splunk_investigate_log4j.py -------------------------------------------------------------------------------- /internal_host_ssh_investigate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_ssh_investigate.json -------------------------------------------------------------------------------- /internal_host_ssh_investigate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_ssh_investigate.png -------------------------------------------------------------------------------- /internal_host_ssh_investigate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_ssh_investigate.py -------------------------------------------------------------------------------- /internal_host_ssh_log4j_investigate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_ssh_log4j_investigate.json -------------------------------------------------------------------------------- /internal_host_ssh_log4j_investigate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_ssh_log4j_investigate.png -------------------------------------------------------------------------------- /internal_host_ssh_log4j_investigate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_ssh_log4j_investigate.py -------------------------------------------------------------------------------- /internal_host_ssh_log4j_respond.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_ssh_log4j_respond.json -------------------------------------------------------------------------------- /internal_host_ssh_log4j_respond.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_ssh_log4j_respond.png -------------------------------------------------------------------------------- /internal_host_ssh_log4j_respond.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_ssh_log4j_respond.py -------------------------------------------------------------------------------- /internal_host_winrm_investigate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_winrm_investigate.json -------------------------------------------------------------------------------- /internal_host_winrm_investigate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_winrm_investigate.png -------------------------------------------------------------------------------- /internal_host_winrm_investigate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_winrm_investigate.py -------------------------------------------------------------------------------- /internal_host_winrm_log4j_investigate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_winrm_log4j_investigate.json -------------------------------------------------------------------------------- /internal_host_winrm_log4j_investigate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_winrm_log4j_investigate.png -------------------------------------------------------------------------------- /internal_host_winrm_log4j_investigate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_winrm_log4j_investigate.py -------------------------------------------------------------------------------- /internal_host_winrm_log4j_respond.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_winrm_log4j_respond.json -------------------------------------------------------------------------------- /internal_host_winrm_log4j_respond.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_winrm_log4j_respond.png -------------------------------------------------------------------------------- /internal_host_winrm_log4j_respond.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/internal_host_winrm_log4j_respond.py -------------------------------------------------------------------------------- /lets_encrypt_domain_investigate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/lets_encrypt_domain_investigate.json -------------------------------------------------------------------------------- /lets_encrypt_domain_investigate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/lets_encrypt_domain_investigate.png -------------------------------------------------------------------------------- /lets_encrypt_domain_investigate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/lets_encrypt_domain_investigate.py -------------------------------------------------------------------------------- /log4j_investigate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/log4j_investigate.json -------------------------------------------------------------------------------- /log4j_investigate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/log4j_investigate.png -------------------------------------------------------------------------------- /log4j_investigate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/log4j_investigate.py -------------------------------------------------------------------------------- /log4j_respond.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/log4j_respond.json -------------------------------------------------------------------------------- /log4j_respond.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/log4j_respond.png -------------------------------------------------------------------------------- /log4j_respond.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/log4j_respond.py -------------------------------------------------------------------------------- /mcafee_phishing_attachment_investigate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/mcafee_phishing_attachment_investigate.json -------------------------------------------------------------------------------- /mcafee_phishing_attachment_investigate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/mcafee_phishing_attachment_investigate.png -------------------------------------------------------------------------------- /mcafee_phishing_attachment_investigate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/mcafee_phishing_attachment_investigate.py -------------------------------------------------------------------------------- /nagios_service_monitor.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/nagios_service_monitor.json -------------------------------------------------------------------------------- /nagios_service_monitor.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/nagios_service_monitor.png -------------------------------------------------------------------------------- /nagios_service_monitor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/nagios_service_monitor.py -------------------------------------------------------------------------------- /onboarding_demonstration.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/onboarding_demonstration.json -------------------------------------------------------------------------------- /onboarding_demonstration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/onboarding_demonstration.png -------------------------------------------------------------------------------- /onboarding_demonstration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/onboarding_demonstration.py -------------------------------------------------------------------------------- /phishme_email_investigate_and_respond.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/phishme_email_investigate_and_respond.json -------------------------------------------------------------------------------- /phishme_email_investigate_and_respond.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/phishme_email_investigate_and_respond.png -------------------------------------------------------------------------------- /phishme_email_investigate_and_respond.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/phishme_email_investigate_and_respond.py -------------------------------------------------------------------------------- /pin_to_hud_sample.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/pin_to_hud_sample.json -------------------------------------------------------------------------------- /pin_to_hud_sample.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/pin_to_hud_sample.png -------------------------------------------------------------------------------- /pin_to_hud_sample.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/pin_to_hud_sample.py -------------------------------------------------------------------------------- /protectwise_investigate_and_respond.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/protectwise_investigate_and_respond.json -------------------------------------------------------------------------------- /protectwise_investigate_and_respond.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/protectwise_investigate_and_respond.png -------------------------------------------------------------------------------- /protectwise_investigate_and_respond.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/protectwise_investigate_and_respond.py -------------------------------------------------------------------------------- /ransomware_investigate_and_contain.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ransomware_investigate_and_contain.json -------------------------------------------------------------------------------- /ransomware_investigate_and_contain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ransomware_investigate_and_contain.png -------------------------------------------------------------------------------- /ransomware_investigate_and_contain.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ransomware_investigate_and_contain.py -------------------------------------------------------------------------------- /recorded_future_correlation_response.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/recorded_future_correlation_response.json -------------------------------------------------------------------------------- /recorded_future_correlation_response.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/recorded_future_correlation_response.png -------------------------------------------------------------------------------- /recorded_future_correlation_response.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/recorded_future_correlation_response.py -------------------------------------------------------------------------------- /recorded_future_handle_leaked_credentials.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/recorded_future_handle_leaked_credentials.json -------------------------------------------------------------------------------- /recorded_future_handle_leaked_credentials.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/recorded_future_handle_leaked_credentials.png -------------------------------------------------------------------------------- /recorded_future_handle_leaked_credentials.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/recorded_future_handle_leaked_credentials.py -------------------------------------------------------------------------------- /recorded_future_indicator_enrichment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/recorded_future_indicator_enrichment.json -------------------------------------------------------------------------------- /recorded_future_indicator_enrichment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/recorded_future_indicator_enrichment.png -------------------------------------------------------------------------------- /recorded_future_indicator_enrichment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/recorded_future_indicator_enrichment.py -------------------------------------------------------------------------------- /recorded_future_threat_hunting.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/recorded_future_threat_hunting.json -------------------------------------------------------------------------------- /recorded_future_threat_hunting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/recorded_future_threat_hunting.png -------------------------------------------------------------------------------- /recorded_future_threat_hunting.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/recorded_future_threat_hunting.py -------------------------------------------------------------------------------- /reinfected_endpoint_check.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/reinfected_endpoint_check.json -------------------------------------------------------------------------------- /reinfected_endpoint_check.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/reinfected_endpoint_check.png -------------------------------------------------------------------------------- /reinfected_endpoint_check.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/reinfected_endpoint_check.py -------------------------------------------------------------------------------- /reset_entity_risk.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/reset_entity_risk.json -------------------------------------------------------------------------------- /reset_entity_risk.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/reset_entity_risk.py -------------------------------------------------------------------------------- /risk_notable_auto_containment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_auto_containment.json -------------------------------------------------------------------------------- /risk_notable_auto_containment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_auto_containment.py -------------------------------------------------------------------------------- /risk_notable_auto_investigate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_auto_investigate.json -------------------------------------------------------------------------------- /risk_notable_auto_investigate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_auto_investigate.py -------------------------------------------------------------------------------- /risk_notable_auto_merge.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_auto_merge.json -------------------------------------------------------------------------------- /risk_notable_auto_merge.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_auto_merge.py -------------------------------------------------------------------------------- /risk_notable_auto_undo_containment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_auto_undo_containment.json -------------------------------------------------------------------------------- /risk_notable_auto_undo_containment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_auto_undo_containment.py -------------------------------------------------------------------------------- /risk_notable_block_indicators.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_block_indicators.json -------------------------------------------------------------------------------- /risk_notable_block_indicators.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_block_indicators.py -------------------------------------------------------------------------------- /risk_notable_enrich.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_enrich.json -------------------------------------------------------------------------------- /risk_notable_enrich.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_enrich.py -------------------------------------------------------------------------------- /risk_notable_import_data.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_import_data.json -------------------------------------------------------------------------------- /risk_notable_import_data.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_import_data.py -------------------------------------------------------------------------------- /risk_notable_investigate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_investigate.json -------------------------------------------------------------------------------- /risk_notable_investigate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_investigate.py -------------------------------------------------------------------------------- /risk_notable_merge_events.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_merge_events.json -------------------------------------------------------------------------------- /risk_notable_merge_events.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_merge_events.py -------------------------------------------------------------------------------- /risk_notable_mitigate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_mitigate.json -------------------------------------------------------------------------------- /risk_notable_mitigate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_mitigate.py -------------------------------------------------------------------------------- /risk_notable_preprocess.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_preprocess.json -------------------------------------------------------------------------------- /risk_notable_preprocess.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_preprocess.py -------------------------------------------------------------------------------- /risk_notable_protect_assets_and_users.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_protect_assets_and_users.json -------------------------------------------------------------------------------- /risk_notable_protect_assets_and_users.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_protect_assets_and_users.py -------------------------------------------------------------------------------- /risk_notable_review_indicators.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_review_indicators.json -------------------------------------------------------------------------------- /risk_notable_review_indicators.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_review_indicators.py -------------------------------------------------------------------------------- /risk_notable_verdict.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_verdict.json -------------------------------------------------------------------------------- /risk_notable_verdict.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/risk_notable_verdict.py -------------------------------------------------------------------------------- /rogue_wireless_access_point_remediate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/rogue_wireless_access_point_remediate.json -------------------------------------------------------------------------------- /rogue_wireless_access_point_remediate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/rogue_wireless_access_point_remediate.png -------------------------------------------------------------------------------- /rogue_wireless_access_point_remediate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/rogue_wireless_access_point_remediate.py -------------------------------------------------------------------------------- /splunk_enterprise_security_close_investigation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/splunk_enterprise_security_close_investigation.json -------------------------------------------------------------------------------- /splunk_enterprise_security_close_investigation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/splunk_enterprise_security_close_investigation.py -------------------------------------------------------------------------------- /splunk_enterprise_security_tag_assets_and_identities.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/splunk_enterprise_security_tag_assets_and_identities.json -------------------------------------------------------------------------------- /splunk_enterprise_security_tag_assets_and_identities.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/splunk_enterprise_security_tag_assets_and_identities.py -------------------------------------------------------------------------------- /ssh_endpoint_investigate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ssh_endpoint_investigate.json -------------------------------------------------------------------------------- /ssh_endpoint_investigate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ssh_endpoint_investigate.png -------------------------------------------------------------------------------- /ssh_endpoint_investigate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/ssh_endpoint_investigate.py -------------------------------------------------------------------------------- /start_investigation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/start_investigation.json -------------------------------------------------------------------------------- /start_investigation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/start_investigation.py -------------------------------------------------------------------------------- /symantec_ioc_data_enhancement.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/symantec_ioc_data_enhancement.json -------------------------------------------------------------------------------- /symantec_ioc_data_enhancement.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/symantec_ioc_data_enhancement.png -------------------------------------------------------------------------------- /symantec_ioc_data_enhancement.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/symantec_ioc_data_enhancement.py -------------------------------------------------------------------------------- /symantec_proxysg_unblock_request.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/symantec_proxysg_unblock_request.json -------------------------------------------------------------------------------- /symantec_proxysg_unblock_request.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/symantec_proxysg_unblock_request.png -------------------------------------------------------------------------------- /symantec_proxysg_unblock_request.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/symantec_proxysg_unblock_request.py -------------------------------------------------------------------------------- /terminate_spawned_processes.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/terminate_spawned_processes.json -------------------------------------------------------------------------------- /terminate_spawned_processes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/terminate_spawned_processes.png -------------------------------------------------------------------------------- /terminate_spawned_processes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/terminate_spawned_processes.py -------------------------------------------------------------------------------- /test_connectivity.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/test_connectivity.json -------------------------------------------------------------------------------- /test_connectivity.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/test_connectivity.png -------------------------------------------------------------------------------- /test_connectivity.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/test_connectivity.py -------------------------------------------------------------------------------- /threat_intel_investigate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/threat_intel_investigate.json -------------------------------------------------------------------------------- /threat_intel_investigate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/threat_intel_investigate.png -------------------------------------------------------------------------------- /threat_intel_investigate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/threat_intel_investigate.py -------------------------------------------------------------------------------- /threatquotient_investigate_and_respond.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/threatquotient_investigate_and_respond.json -------------------------------------------------------------------------------- /threatquotient_investigate_and_respond.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/threatquotient_investigate_and_respond.png -------------------------------------------------------------------------------- /threatquotient_investigate_and_respond.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/threatquotient_investigate_and_respond.py -------------------------------------------------------------------------------- /track_active_directory_admin_users.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/track_active_directory_admin_users.json -------------------------------------------------------------------------------- /track_active_directory_admin_users.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/track_active_directory_admin_users.png -------------------------------------------------------------------------------- /track_active_directory_admin_users.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/track_active_directory_admin_users.py -------------------------------------------------------------------------------- /trustar_network_enrichment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/trustar_network_enrichment.json -------------------------------------------------------------------------------- /trustar_network_enrichment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/trustar_network_enrichment.png -------------------------------------------------------------------------------- /trustar_network_enrichment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/trustar_network_enrichment.py -------------------------------------------------------------------------------- /url_investigate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/url_investigate.json -------------------------------------------------------------------------------- /url_investigate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/url_investigate.png -------------------------------------------------------------------------------- /url_investigate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/url_investigate.py -------------------------------------------------------------------------------- /user_approved_ticket_creation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/user_approved_ticket_creation.json -------------------------------------------------------------------------------- /user_approved_ticket_creation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/user_approved_ticket_creation.png -------------------------------------------------------------------------------- /user_approved_ticket_creation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/user_approved_ticket_creation.py -------------------------------------------------------------------------------- /user_prompt_and_block_domain.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/user_prompt_and_block_domain.json -------------------------------------------------------------------------------- /user_prompt_and_block_domain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/user_prompt_and_block_domain.png -------------------------------------------------------------------------------- /user_prompt_and_block_domain.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/user_prompt_and_block_domain.py -------------------------------------------------------------------------------- /vectra_advanced_block_host.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vectra_advanced_block_host.json -------------------------------------------------------------------------------- /vectra_advanced_block_host.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vectra_advanced_block_host.png -------------------------------------------------------------------------------- /vectra_advanced_block_host.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vectra_advanced_block_host.py -------------------------------------------------------------------------------- /vectra_basic_block_host.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vectra_basic_block_host.json -------------------------------------------------------------------------------- /vectra_basic_block_host.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vectra_basic_block_host.png -------------------------------------------------------------------------------- /vectra_basic_block_host.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vectra_basic_block_host.py -------------------------------------------------------------------------------- /vectra_detection_notification.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vectra_detection_notification.json -------------------------------------------------------------------------------- /vectra_detection_notification.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vectra_detection_notification.png -------------------------------------------------------------------------------- /vectra_detection_notification.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vectra_detection_notification.py -------------------------------------------------------------------------------- /vmworld_c2_response.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vmworld_c2_response.json -------------------------------------------------------------------------------- /vmworld_c2_response.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vmworld_c2_response.png -------------------------------------------------------------------------------- /vmworld_c2_response.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vmworld_c2_response.py -------------------------------------------------------------------------------- /vmworld_wannacry_response.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vmworld_wannacry_response.json -------------------------------------------------------------------------------- /vmworld_wannacry_response.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vmworld_wannacry_response.png -------------------------------------------------------------------------------- /vmworld_wannacry_response.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/vmworld_wannacry_response.py -------------------------------------------------------------------------------- /zscaler_hunt_and_block_url.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/zscaler_hunt_and_block_url.json -------------------------------------------------------------------------------- /zscaler_hunt_and_block_url.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/zscaler_hunt_and_block_url.png -------------------------------------------------------------------------------- /zscaler_hunt_and_block_url.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/zscaler_hunt_and_block_url.py -------------------------------------------------------------------------------- /zscaler_malicious_file_response.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/zscaler_malicious_file_response.json -------------------------------------------------------------------------------- /zscaler_malicious_file_response.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/zscaler_malicious_file_response.png -------------------------------------------------------------------------------- /zscaler_malicious_file_response.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/zscaler_malicious_file_response.py -------------------------------------------------------------------------------- /zscaler_patient_0_parse_email.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/zscaler_patient_0_parse_email.json -------------------------------------------------------------------------------- /zscaler_patient_0_parse_email.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/zscaler_patient_0_parse_email.png -------------------------------------------------------------------------------- /zscaler_patient_0_parse_email.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phantomcyber/playbooks/HEAD/zscaler_patient_0_parse_email.py --------------------------------------------------------------------------------