Filters:
Supported By
Category
Tools
Alerts Triage
This playbook was made to automatically analyze all incoming threats on Siemplify, encrich it with information and then notify the analyst's via email.
By Community
Tools:
General
Brute Force Attack - Investigation
The Use Case helps an analyst on investigating multiple unsuccessful login attempts. If the login failure reason is an incorrect password, automation raises an incident and notifies the IT team
By Siemplify
Tools:
Logon
Carbon Black - Cloud Remediation
Automating Carbon Black cloud solutions to detect suspicious CMD activity, investigate its' context, and respond with power automated shell commands via the Carbon Black Cloud Live Response integration.
By Siemplify
Tools:
Cloud
Check Point - Malware Analysis and Response
Combines three Check Point products. Runs analysis of IOCs in SandBlast, enriches across ThreatCloud and additional sources, closes false positives, and updates NGFW's blocklists
By Community
Tools:
Firewall
CrowdStrike - Executable Detected
The Use Case has a Connector and the Playbook that investigates the suspicious process on an employee's computer and its' context and responds to it via CrowdStrike Falcon.
By Siemplify
Tools:
EDR
Data Leakage - Data Sent Via Email
This use case deals with a DLP alert coming from an outbound corporate mailhost, in which sensitive data is potentially being sent to an external 3rd party.
By Community
Tools:
Endpoint
Employee Violated Security Policy
A multi-purpose playbook to handle policy violations and communication with the user and management.Contains a sample alert for use case demonstration, a playbook and a reusable block.
By Siemplify
Tools:
Endpoint
Malicious Indicator Found
This Use Case provides a playbook that automatically enriches IOC across multiple security tools and gives relevant instructions to the analyst regarding remediation actions.
By Community
Tools:
General
Malware Beaconing to C&C
This solution provides an investigation and response playbook. The Siemplify automation finds similar cases and enriches IOCs in various threat intelligence sources. An analyst gets remediation instructions and can collaborate with other teams. False positives are closed automatically.
By Siemplify
Tools:
Malware
McAfee MVISION ePO
Siemplify Platform integrates with MVISION ePO to extend McAfee's policy enforcement into automated workflows that integrate with your entire security stack.
By Siemplify
Tools:
Endpoint
McAfee MVISION ePO & MVISION EDR
Siemplify integrates with MVISION ePO and MVISION EDR to launch a complete SOC management, investigation, and response platform for endpoint security alerts across your organization.
By Siemplify
Tools:
EDR
MISP - Enrichment and Triage
Playbook automates threat intelligence enrichment and triage decisions.Enrichment includes intelligence about associated actors, campaigns and other malicious indicators.
By Siemplify
Tools:
Threat Intelligence
MISP - Proactive Defense
Siemplify automates proactive response - adds new indicators to firewall blocklists and checks if any hosts in your organization interacted with them.
By Siemplify
Tools:
Threat Intelligence
MISP - Triage and Investigation
Playbook automates MISP enrichment, and retrieves from MISP related malicious entities. Automation checks if any hosts in your organization interacted with found malicious entities.
By Siemplify
Tools:
Threat Intelligence
Netskope - Sensitive File Uploaded
This use case automates an investigation and remediation of a suspicious file upload detected by Netskope
By Siemplify
Tools:
DLP
Phishing Use Case - Zero to Hero
A Phishing use case automation combining free online tools and Siemplify actions. Includes a video that helps you set everything up and get into the basics of building and customizing a playbook.
By Community
Tools:
Potential DDOS
This solution helps analysts investigate excessive traffic detections. Playbook checks IP reputation across multiple sources, identifies traffic direction and finds technique details in MITRE.
By Community
Tools:
Network
SCC & Chronicle Threat Investigation
This use case provides a baseline solution that responds automatically to SCC threats (ETD) automating a large portion of the redundant work done by security analysts.
By Siemplify
Tools:
Threat Intelligence