Playbook for Automated Phishing
The Automated Phishing playbook helps you resolve certain types of security threats in a step-by-step manner. With the flow designer templates, you can automate the steps in the phishing response playbook and resolve incidents quickly and efficiently.
You can use templates authored with flow designer to automate the tasks in the Phishing Response Playbook to analyze and resolve phishing attacks in your organization.
- Security Incident - Automated Phishing Response Template: This template is designed to automate the phishing response tasks and contains a sequence of actions including a trigger.
- Security Incident - Phishing Manual Template: This template is the existing manual phishing response workflow. Set the category to Phishing to activate the flow.
- Run Threat Lookups for Observables: Performs threat lookups of selected observables.
- Enrich Observables: Allows you to enrich observables with additional information from various sources.
- Assess Phishing Email Impact: Allows you to assess the impact of the phishing email. When you receive an email at the phishing email address, this subflow parses the .EML attachment and compares the information to the email matching rules.
- Eradicate Phishing Emails: Allows you to delete or eradicate phishing emails to help reduce exposure to a specific attack.
- Run Sighting Search on Observables: Determines the prevalence of a threat over time or tests remediation or eradication efforts.
- Create Block Requests: Blocks communication with observables associated with the incident.
These subflows represent a set of reusable operations that you can use in multiple playbooks. You can use these subflows to define custom templates (flows) according to your requirements.
To create custom templates (flows), follow the instructions in Flows.
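The parse-and-compare step that the Assess Phishing Email Impact subflow performs can be sketched in Python as follows. This is an added example, not the product's implementation: the rule format, the addresses and the sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample: a suspicious message, then the user's report that
# forwards it to the phishing mailbox as an .eml attachment.
_inner = EmailMessage()
_inner["From"] = "IT Support <helpdesk@login-example.test>"
_inner["Subject"] = "Password expires today"
_inner.set_content("Reset now: http://login-example.test/reset?id=1")
_report = EmailMessage()
_report["From"] = "alice@corp.example"
_report["To"] = "phishing@corp.example"
_report.set_content("Please check this.")
_report.add_attachment(_inner.as_bytes(), maintype="application",
                       subtype="octet-stream", filename="suspicious.eml")
SAMPLE_REPORT = _report.as_bytes()
# Hypothetical rule format (field -> regex, all must match); not the product's.
RULES = [
    {"name": "password lure", "when": {"subject": r"(?i)password\s+expires"}},
    {"name": "internal sender", "when": {"sender_domain": r"(?i)^corp\.example$"}},
]
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def extract_reported_message(raw):
    """Return the attached message from a report, or None if there is none."""
    report = message_from_bytes(raw, policy=policy.default)
    for part in report.iter_attachments():
        if part.get_content_type() == "message/rfc822":  # forwarded as attachment
            return part.get_content()
        if (part.get_filename() or "").lower().endswith(".eml"):
            return message_from_bytes(part.get_payload(decode=True), policy=policy.default)
    return None

def observables(msg):
    """Pull sender, subject and URLs out of the reported message, not the report."""
    addrs = msg["From"].addresses if msg["From"] else ()
    body = msg.get_body(preferencelist=("plain", "html"))
    return {
        "sender": addrs[0].addr_spec if addrs else "",
        "sender_domain": addrs[0].domain if addrs else "",
        "subject": str(msg["Subject"] or ""),
        "urls": sorted(set(URL_RE.findall(body.get_content() if body else ""))),
    }

def match_rules(obs, rules=RULES):
    """Names of rules whose every field pattern matches the observables."""
    return [r["name"] for r in rules
            if all(re.search(p, obs.get(f, "")) for f, p in r["when"].items())]
```

The observables are taken from the attached message rather than from the report that carries it, so the reporting user's own address and subject line are never matched against the rules.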