Use Cases

Easily address common security challenges with ready-to-run use cases, complete with playbooks, simulated alerts and more.
Alerts Triage
This playbook automatically analyzes every incoming threat in Siemplify, enriches it with additional information, and then notifies the analysts via email.
By Community

Tools:

APIVoid

Siemplify

EmailV2

General

Brute Force Attack - Investigation
The Use Case helps an analyst investigate multiple unsuccessful login attempts. If the login failure reason is an incorrect password, automation raises an incident and notifies the IT team.
By Siemplify

Tools:

EmailV2

Siemplify

SiemplifyUtilities

Logon
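The Brute Force card above states a decision rule concrete enough to show in code: group failed logons by source and target account, treat a burst of failures as "multiple attempts", and raise an incident only when the failure reason is a wrong password. The following is an added example, not Siemplify's playbook or any of its integrations. It runs that rule over a constructed batch of simplified Windows Security event 4625 (logon failure) records. The NTSTATUS sub-status codes are the documented Windows values; the event layout, the threshold of 5 failures and the 10-minute window are assumptions chosen for illustration.

```python
"""Brute-force logon triage over Windows event 4625 records (added example)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Sub-status codes reported in Windows event 4625 (documented NTSTATUS values).
BAD_PASSWORD = "0xC000006A"    # account exists, password is wrong
UNKNOWN_USER = "0xC0000064"    # account name does not exist
ACCOUNT_LOCKED = "0xC0000234"  # account is locked out

THRESHOLD = 5                   # assumed: failures that count as "multiple attempts"
WINDOW = timedelta(minutes=10)  # assumed: sliding window the failures must fall in

# Constructed sample events: (timestamp, source_ip, target_user, sub_status).
SAMPLE_EVENTS = [
    # Six wrong-password failures plus a lockout from one host in under four minutes.
    ("2024-05-01T09:00:00", "10.0.0.23", "jsmith", BAD_PASSWORD),
    ("2024-05-01T09:00:40", "10.0.0.23", "jsmith", BAD_PASSWORD),
    ("2024-05-01T09:01:20", "10.0.0.23", "jsmith", BAD_PASSWORD),
    ("2024-05-01T09:02:00", "10.0.0.23", "jsmith", BAD_PASSWORD),
    ("2024-05-01T09:02:40", "10.0.0.23", "jsmith", BAD_PASSWORD),
    ("2024-05-01T09:03:20", "10.0.0.23", "jsmith", BAD_PASSWORD),
    ("2024-05-01T09:03:30", "10.0.0.23", "jsmith", ACCOUNT_LOCKED),
    # Five failures against an account that does not exist: many attempts,
    # but the reason is not a wrong password, so the rule does not raise an incident.
    ("2024-05-01T09:05:00", "10.0.0.77", "administrator", UNKNOWN_USER),
    ("2024-05-01T09:05:10", "10.0.0.77", "administrator", UNKNOWN_USER),
    ("2024-05-01T09:05:20", "10.0.0.77", "administrator", UNKNOWN_USER),
    ("2024-05-01T09:05:30", "10.0.0.77", "administrator", UNKNOWN_USER),
    ("2024-05-01T09:05:40", "10.0.0.77", "administrator", UNKNOWN_USER),
    # Two typos an hour apart: below threshold, no finding at all.
    ("2024-05-01T10:00:00", "10.0.0.50", "bwayne", BAD_PASSWORD),
    ("2024-05-01T11:00:00", "10.0.0.50", "bwayne", BAD_PASSWORD),
]


def triage(events, threshold=THRESHOLD, window=WINDOW):
    """Return {(source_ip, user): finding} for every pair with >= threshold
    failures inside one sliding window. A finding carries the dominant
    failure reason and whether the playbook rule would raise an incident."""
    by_pair = defaultdict(list)
    for ts, src, user, status in events:
        by_pair[(src, user)].append((datetime.fromisoformat(ts), status))

    findings = {}
    for (src, user), attempts in by_pair.items():
        attempts.sort()
        # Densest run of failures that fits inside the window.
        best, start = [], 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = attempts[start:end + 1]
        if len(best) < threshold:
            continue
        dominant, _ = Counter(status for _, status in best).most_common(1)[0]
        findings[(src, user)] = {
            "failures": len(best),
            "first": best[0][0].isoformat(),
            "last": best[-1][0].isoformat(),
            "reason": dominant,
            # The card's rule: incident only when the reason is an incorrect password.
            "raise_incident": dominant == BAD_PASSWORD,
        }
    return findings


def it_notification(findings):
    """Plain-text body for the IT team, one line per pair that raised an incident."""
    lines = [
        f"INCIDENT: {n} wrong-password failures for {user} from {src} "
        f"between {f['first']} and {f['last']}"
        for (src, user), f in sorted(findings.items())
        if f["raise_incident"]
        for n in [f["failures"]]
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for pair, finding in result.items():
        print(pair, finding)
    print(it_notification(result))
```

The "administrator" burst is deliberately kept in the output as a finding with `raise_incident` False: it does not satisfy the card's incident condition, but an analyst would still want to see repeated attempts against a non-existent privileged name.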

Carbon Black - Cloud Remediation
Automates Carbon Black Cloud to detect suspicious cmd activity, investigate its context, and respond with automated shell commands via the Carbon Black Cloud Live Response integration.
By Siemplify

Tools:

EmailV2

Cloud

Check Point - Malware Analysis and Response
Combines three Check Point products: runs analysis of IOCs in SandBlast, enriches across ThreatCloud and additional sources, closes false positives, and updates NGFW blocklists.
By Community

Tools:

Firewall

CrowdStrike - Executable Detected
The Use Case includes a Connector and a Playbook that investigate a suspicious process on an employee's computer and its context, and respond to it via CrowdStrike Falcon.
By Siemplify

Tools:

EmailV2

EDR

Data Leakage - Data Sent Via Email
This use case handles a DLP alert from an outbound corporate mail host, in which sensitive data is potentially being sent to an external third party.
By Community

Tools:

EmailV2

Endpoint

Employee Violated Security Policy
A multi-purpose playbook to handle policy violations and communication with the user and management. Contains a sample alert for use case demonstration, a playbook and a reusable block.
By Siemplify

Tools:

Siemplify

EmailV2

Slack

Endpoint

Malicious Indicator Found
This Use Case provides a playbook that automatically enriches IOCs across multiple security tools and gives the analyst relevant instructions for remediation actions.
By Community

Tools:

PassiveTotal

General

Malware Beaconing to C&C
This solution provides an investigation and response playbook. The Siemplify automation finds similar cases and enriches IOCs in various threat intelligence sources. An analyst gets remediation instructions and can collaborate with other teams. False positives are closed automatically.
By Siemplify

Tools:

Malware

McAfee MVISION ePO
Siemplify Platform integrates with MVISION ePO to extend McAfee's policy enforcement into automated workflows that integrate with your entire security stack.
By Siemplify

Tools:

Endpoint

McAfee MVISION ePO & MVISION EDR
Siemplify integrates with MVISION ePO and MVISION EDR to launch a complete SOC management, investigation, and response platform for endpoint security alerts across your organization.
By Siemplify

Tools:

Siemplify

EDR

MISP - Enrichment and Triage
The playbook automates threat intelligence enrichment and triage decisions. Enrichment includes intelligence about associated actors, campaigns and other malicious indicators.
By Siemplify

Tools:

Threat Intelligence

MISP - Proactive Defense
Siemplify automates proactive response: it adds new indicators to firewall blocklists and checks whether any hosts in your organization interacted with them.
By Siemplify

Tools:

SentinelOneV2

Threat Intelligence

MISP - Triage and Investigation
The playbook automates MISP enrichment and retrieves related malicious entities from MISP. Automation then checks whether any hosts in your organization interacted with the malicious entities found.
By Siemplify

Tools:

Threat Intelligence

Netskope - Sensitive File Uploaded
This use case automates the investigation and remediation of a suspicious file upload detected by Netskope.
By Siemplify

Tools:

Siemplify

EmailV2

DLP

Phishing Use Case - Zero to Hero
A Phishing use case automation combining free online tools and Siemplify actions. Includes a video that helps you set everything up and get into the basics of building and customizing a playbook.
By Community

Tools:

EmailV2

Potential DDOS
This solution helps analysts investigate excessive-traffic detections. The playbook checks IP reputation across multiple sources, identifies traffic direction, and looks up technique details in MITRE ATT&CK.
By Community

Tools:

BulkWhoIs

EmailV2

APIVoid

Network

SCC & Chronicle Threat Investigation
This use case provides a baseline solution that responds automatically to Security Command Center (SCC) Event Threat Detection (ETD) findings, automating a large portion of the repetitive work done by security analysts.
By Siemplify

Tools:

Siemplify

Zendesk

ServiceNow

Jira

VirusTotalV3

Threat Intelligence
