Automate Your Response to WannaCry Ransomware

We’ve highlighted the Phantom Community Ransomware Playbook before on the Phantom Blog. It is a general purpose ransomware playbook that is adaptable to many different types of ransomware. Given the widespread impact of the WannaCry threat, however, we wanted to dedicate a blog entry to this particular threat and provide you with customized playbooks and …

Using Custom Lists in Phantom Playbooks

Custom Lists are a powerful capability of the Phantom platform. Customers typically use Custom Lists to maintain a dynamic list of items that persists on the platform. The function also commonly serves as a caching mechanism to reduce overburdening a service. Custom Lists are available on-platform to playbooks and externally to third-party systems. In this blog entry, we will explore …

Playbook Series: Secure Compromised Accounts

If you are one of the many security analysts who receive threat intelligence about compromised user accounts, you understand the significant amount of time it takes to investigate and respond to each report. In many practices the manual process might include: Parsing the inbound threat intelligence for Indicators of Compromise (IoCs) like username and password …

Playbook Series: Creating Nested Playbooks for Responding to Malware Incidents

One of the most powerful capabilities of the Phantom platform is its support for nested playbooks. When defining your process as a Phantom playbook, one of the four main branching choices offered by the Integrated Development Environment (IDE) is another playbook. Nesting a playbook within a playbook using the Phantom platform’s visual automation IDE. …

Playbook Series: The evolution of the Phishing playbook

As we approach the one-year anniversary of the Phantom security automation and orchestration platform, we wanted to look back at how new releases of the platform have enabled more sophisticated playbooks. The Phishing playbook is a great example of how new platform developments have lifted the barriers to security automation.