This example Phantom Playbook below provides an automated response plan to the malicious insider. Acting swiftly to gather data, disable the user, and alert the proper people within the organization is key to reducing risk and avoiding greater loss.
We’ve highlighted the Phantom Community Ransomware Playbook before on the Phantom Blog. It is a general purpose ransomware playbook that is adaptable to many different types of ransomware. Given the widespread impact of the WannaCry threat, however, we wanted to dedicate a blog entry to this particular threat and provide you with customized playbooks and … Continue reading Automate Your Response to WannaCry Ransomware
Phishing investigations is one of the most common use cases that we have observed security teams selecting to automate. We’ve written about it before, and covered it on a few Phantom Tech Sessions. Still, as I learned more about Rackspace’s use case, I thought it would be interesting to share it with the community. It’s … Continue reading Phishing in South Texas
Custom Lists are a powerful capability of the Phantom platform. Customers typically use Custom Lists to maintain a dynamic list of items that persists on the platform. The function also commonly serves a caching mechanism to reduce overburdening a service. Custom Lists are available on-platform to playbooks and externally to third-party systems. In this blog entry, we will explore … Continue reading Using Custom Lists in Phantom Playbooks
If you are one of the many security analysts that receives threat intelligence about compromised user accounts, you understand the significant amount of time it takes to investigate and respond to each report. In many practices the manual process might include: Parsing the inbound threat intelligence for Indicators of Compromise (IoCs) like username and password … Continue reading Playbook Series: Secure Compromised Accounts
One of the most powerful capabilities of the Phantom platform is its support for nested playbooks. When defining your process as a Phantom playbook, one of the four main branching choices offered by the Integrated Development Environment (IDE) is another playbook. Nesting a playbook within a playbook using the Phantom platform’s visual automation IDE. … Continue reading Playbook Series: Creating Nested Playbooks for Responding to Malware Incidents
As we approach the one-year anniversary of the Phantom security automation and orchestration platform, we wanted to look back at how new releases of the platform have enabled more sophisticated playbooks. The Phishing playbook is a great example of how new platform developments have lifted the barriers to security automation.