The Most Used Playbook series brings you the production playbooks noted by our professional services team as being most utilized and favored by customer SOCs. These playbooks implement best practice workflows for alert handling, alerts investigation, incident response and automation plans.
80% of recently reported successful attacks began with deceptively simple phishing e-mails. 10% of all SOC alerts relate in some way to phishing attacks. Of these, 80% can be blocked, but these still require many hours of investigation to validate outcomes. That’s why organizations are constantly seeking innovative time-saving solutions. The following phishing playbook presents a consumer-tested workflow for security professionals.
Playbook Steps Summary
The primary goal is to identify all affected users as soon as possible. We collect evidence of the attack across the whole organization; perform automated analysis of IP, hosts and URLs; and block malicious contacts (including attack sender and URLs). For future prevention of human error, the playbook also automatically sends awareness content to affected user
* The playbooks demonstrate only the most popular rules that generate the described attack vectors.
* All playbooks are fully customizable to the capabilities and the tools in your SOC.