Workflows
1. Phishing Email Analysis
Automate the extraction of indicators of compromise (IOCs) from phishing emails and check them against threat intelligence.
2. Malware Analysis
Automatically submit suspicious files to a malware analysis sandbox and retrieve the results.
3. Automated Enrichment
Automatically enrich IOCs with threat intelligence to provide context during analysis.
4. Blocking Malicious IPs
Automatically block malicious IP addresses at the firewall or other security devices.
5. User Verification
Automatically verify the status of a user when suspicious activity is detected.
6. Password Reset
Implement an automated workflow for user password resets following a potential compromise.
7. Disabling User Accounts
Automatically disable user accounts that are suspected to be compromised.
8. Quarantine Endpoint
Isolate endpoints that are suspected to be compromised to prevent lateral movement.
9. Data Exfiltration Detection
Implement workflows to detect and respond to potential data exfiltration.
10. Ransomware Response
Automate responses to ransomware, such as isolating affected systems and restoring backups.
11. Patch Management
Automate the detection and deployment of patches for known vulnerabilities.
12. Incident Ticket Creation
Automatically create incident tickets in the ITSM tool during an incident.
13. User Notification
Notify users automatically in case of incidents that might affect them.
14. Incident Documentation
Automatically document all actions taken during an incident for post-mortem analysis.
15. Threat Indicator Sharing
Share threat indicators with external threat sharing platforms automatically.
16. SSL Certificate Renewal
Implement workflows to check and renew SSL certificates as needed.
17. Backup Verification
Automate the verification of backups to ensure they are valid and usable.
18. Cloud Security Monitoring
Implement workflows to monitor cloud environments for misconfigurations and security incidents.
19. VPN Monitoring
Monitor VPN logs for abnormal activity and implement automated responses.
20. DDoS Mitigation
Implement workflows to detect and mitigate DDoS attacks, such as adjusting firewall rules or enabling DDoS protection services.