Investigates and remediates potential phishing incidents. The playbook simultaneously engages with the user that triggered the incident, while investigating the incident itself.
The final remediation tasks are always decided by a human analyst.
This playbook uses the following sub-playbooks, integrations, and scripts.
- Process Email - Generic
- Email Address Enrichment - Generic
- Search And Delete Emails - Generic
- Detonate File - Generic
- Extract Indicators From File - Generic
- Entity Enrichment - Generic
- Block Indicators - Generic
|Role||The default role to assign the incident to.||Administrator||Required|
|SearchAndDelete||Enable the ||False||Optional|
|BlockIndicators||Enable the ||False||Optional|
There are no outputs for this playbook.