This pack contains a collection of playbooks for rapidly responding to high-profile breaches using the tools already deployed in your enterprise.
The playbooks in this pack can also be used as templates to hunt for and block the indicators associated with these breaches using additional tools in your environment.
This pack contains the response playbooks for the following breaches:
- Sunburst and SolarStorm Hunting and Response
- FireEye Red Team Tools Investigation and Response
- HAFNIUM - Exchange 0-day Exploits
- Codecov Breach - Bash Uploader
- CVE-2021-22893 - Pulse Connect Secure RCE
How to enable it?
- Install the pack.
- Check whether the pack has steps that are relevant to the tools used in your environment.
- Create a job that runs the playbook on a periodic basis.