Phishing investigations is one of the most common use cases that we have observed security teams selecting to automate. We’ve written about it before, and covered it on a few Phantom Tech Sessions. Still, as I learned more about Rackspace’s use case, I thought it would be interesting to share it with the community. It’s … Continue reading Phishing in South Texas
Custom Lists are a powerful capability of the Phantom platform. Customers typically use Custom Lists to maintain a dynamic list of items that persists on the platform. The function also commonly serves a caching mechanism to reduce overburdening a service. Custom Lists are available on-platform to playbooks and externally to third-party systems. In this blog entry, we will explore … Continue reading Using Custom Lists in Phantom Playbooks
If you are one of the many security analysts that receives threat intelligence about compromised user accounts, you understand the significant amount of time it takes to investigate and respond to each report. In many practices the manual process might include: Parsing the inbound threat intelligence for Indicators of Compromise (IoCs) like username and password … Continue reading Playbook Series: Secure Compromised Accounts
One of the most powerful capabilities of the Phantom platform is its support for nested playbooks. When defining your process as a Phantom playbook, one of the four main branching choices offered by the Integrated Development Environment (IDE) is another playbook. Nesting a playbook within a playbook using the Phantom platform’s visual automation IDE. … Continue reading Playbook Series: Creating Nested Playbooks for Responding to Malware Incidents
As we approach the one-year anniversary of the Phantom security automation and orchestration platform, we wanted to look back at how new releases of the platform have enabled more sophisticated playbooks. The Phishing playbook is a great example of how new platform developments have lifted the barriers to security automation.
This playbook outlines how you can automate the investigation and containment of keylogger-infected endpoints. The playbook is designed to quickly investigate a suspected keylogger infection and contain it, if confirmed, until you can further investigate—reducing the chances that sensitive information will be lost.
Most security professionals will agree; the most reliable way to remediate Rootkit infections on Virtual Machines (VMs) is to re-image or revert the virtual machine to a pre-infected state. Today’s entry to our playbook series examines a Phantom playbook, included with our version 2.0 release of the platform, that automates this scenario. A visual representation … Continue reading Playbook Series: Rootkits: Automatically Remediate Virtual Machines