This playbook was made to automatically analyze all incoming threats on Siemplify, enrich them with information and then notify the analysts via email.
Brute Force Attack - Investigation
The Use Case helps an analyst investigate multiple unsuccessful login attempts. If the login failure reason is an incorrect password, automation raises an incident and notifies the IT team.
Carbon Black - Cloud Remediation
Automating Carbon Black cloud solutions to detect suspicious CMD activity, investigate its context, and respond with powerful automated shell commands via the Carbon Black Cloud Live Response integration.
Check Point - Malware Analysis and Response
Combines three Check Point products. Runs analysis of IOCs in SandBlast, enriches across ThreatCloud and additional sources, closes false positives, and updates NGFW blocklists.
CrowdStrike - Executable Detected
The Use Case has a Connector and a Playbook that investigates the suspicious process on an employee's computer and its context and responds to it via CrowdStrike Falcon.
Data Leakage - Data Sent Via Email
This use case deals with a DLP alert coming from an outbound corporate mail host, in which sensitive data is potentially being sent to an external third party.
Employee Violated Security Policy
A multi-purpose playbook to handle policy violations and communication with the user and management. Contains a sample alert for use case demonstration, a playbook and a reusable block.
Malicious Indicator Found
This Use Case provides a playbook that automatically enriches IOCs across multiple security tools and gives the analyst relevant instructions regarding remediation actions.
Malware Beaconing to C&C
This solution provides an investigation and response playbook. The Siemplify automation finds similar cases and enriches IOCs in various threat intelligence sources. An analyst gets remediation instructions and can collaborate with other teams. False positives are closed automatically.
McAfee MVISION ePO
The Siemplify platform integrates with MVISION ePO to extend McAfee's policy enforcement into automated workflows that integrate with your entire security stack.
McAfee MVISION ePO & MVISION EDR
Siemplify integrates with MVISION ePO and MVISION EDR to launch a complete SOC management, investigation, and response platform for endpoint security alerts across your organization.
MISP - Enrichment and Triage
The playbook automates threat intelligence enrichment and triage decisions. Enrichment includes intelligence about associated actors, campaigns and other malicious indicators.
MISP - Proactive Defense
Siemplify automates proactive response: it adds new indicators to firewall blocklists and checks whether any hosts in your organization interacted with them.
MISP - Triage and Investigation
The playbook automates MISP enrichment and retrieves related malicious entities from MISP. Automation checks whether any hosts in your organization interacted with the malicious entities found.
Netskope - Sensitive File Uploaded
This use case automates the investigation and remediation of a suspicious file upload detected by Netskope.
Phishing Use Case - Zero to Hero
A Phishing use case automation combining free online tools and Siemplify actions. Includes a video that helps you set everything up and get into the basics of building and customizing a playbook.
This solution helps analysts investigate excessive traffic detections. The playbook checks IP reputation across multiple sources, identifies traffic direction and finds technique details in MITRE.
SCC & Chronicle Threat Investigation
This use case provides a baseline solution that responds automatically to SCC threats (ETD), automating a large portion of the redundant work done by security analysts.