Today’s post continues an ongoing series on Phantom playbooks, which the platform uses to automate and orchestrate your security operations plan. This example examines one of the playbooks included with the Phantom platform. Ransomware is one of the leading threats facing organizations today. With volumes of malicious inbound emails and already infected devices within your environment, … (Playbook: Detect, Block, Contain, and Remediate Ransomware)
If you are one of the many security analysts who receive threat intelligence about compromised user accounts, you understand the significant amount of time it takes to investigate and respond to each report. In many practices the manual process might include: parsing the inbound threat intelligence for Indicators of Compromise (IoCs) such as username and password … (Playbook Series: Secure Compromised Accounts)
This playbook outlines how you can automate the investigation and containment of keylogger-infected endpoints. The playbook is designed to quickly investigate a suspected keylogger infection and contain it, if confirmed, until you can further investigate—reducing the chances that sensitive information will be lost.
Most security professionals will agree: the most reliable way to remediate rootkit infections on Virtual Machines (VMs) is to re-image or revert the virtual machine to a pre-infection state. Today’s entry in our playbook series examines a Phantom playbook, included with version 2.0 of the platform, that automates this scenario. A visual representation … (Playbook Series: Rootkits: Automatically Remediate Virtual Machines)
Phishing emails are not a new type of threat to most security professionals, but dealing with their growing volume and potential impact requires an innovative solution. Today’s entry in our Playbook Series focuses on automating your Incident Response (IR) workflow for this common threat. The Phantom security automation and orchestration platform includes a sample … (Playbook Series: Phishing: Automate and Orchestrate Your Investigation and Response)
Today’s post continues an ongoing series on Phantom playbooks, which the platform uses to automate and orchestrate your security operations plan. This example examines one of the sample playbooks included with the Phantom 2.0 platform release. The Phantom platform can automatically gather threat intelligence for you and enrich inbound security events. With the added context … (Playbook Series: Enrich Security Events with External Threat Intelligence)
The Phantom platform can receive community-based intelligence and automatically execute enrichment and threat hunting steps for every IOC and artifact within your environment.