Skip to main content

Phishing - Core

Provides a basic response to phishing incidents.

Playbook features:

  • Calculates reputation for all indicators.
  • Extracts indicators from email attachments.
  • Calculates severity for the incident based on indicator reputation.
  • Updates reporting user about investigation status.
  • Allows manual remediation of the incident.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

  • Process Email - Core
  • Extract Indicators From File - Generic v2

Integrations#

  • Builtin

Scripts#

This playbook does not use any scripts.

Commands#

  • rasterize
  • send-mail
  • setIncident
  • rasterize-email
  • closeInvestigation

Playbook Inputs#


NameDescriptionDefault ValueRequired
GetURLScreenshotsWhether the user wants the Rasterize integration to produce images of URLs that are involved in the incident. If "True", screenshots will be taken.TrueOptional

Playbook Outputs#


There are no outputs for this playbook.

Playbook Image#


Phishing_Core