EC2 Instance Isolation
Isolate an EC2 instance by changing its security group in order to protect it from malicious traffic. This playbook can be run on its own or called from another playbook after investigation and notification.
How to Implement
This playbook can be triggered by several of the example searches available in the Security Essentials app, taking immediate action to quarantine an instance when suspicious behavior has been detected.
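The security-group swap described above, written as an added example (this is not the Phantom playbook's own code). It assumes a boto3 EC2 client is passed in as `ec2`, that a quarantine security group already exists, and that the `ROLLBACK_TAG` key is a hypothetical name; `FakeEC2` is a constructed stand-in so the block runs offline.

```python
ROLLBACK_TAG = "quarantine:original-sgs"  # hypothetical tag key (assumption)


def isolate_instance(ec2, instance_id, quarantine_sg_id):
    """Leave each ENI in the quarantine group only; return {eni: old groups}."""
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    instances = [i for r in resp["Reservations"] for i in r["Instances"]]
    if len(instances) != 1:
        raise LookupError(f"expected one instance, got {len(instances)}")
    changed = {}
    for eni in instances[0].get("NetworkInterfaces", []):
        eni_id = eni["NetworkInterfaceId"]
        original = sorted(g["GroupId"] for g in eni["Groups"])
        if original == [quarantine_sg_id]:
            continue  # already isolated: keep the earlier rollback tag intact
        # Record the original groups first so the change can be reversed
        # once the investigation is closed.
        ec2.create_tags(
            Resources=[eni_id],
            Tags=[{"Key": ROLLBACK_TAG, "Value": "+".join(original)}],
        )
        ec2.modify_network_interface_attribute(
            NetworkInterfaceId=eni_id, Groups=[quarantine_sg_id]
        )
        changed[eni_id] = original
    return changed


class FakeEC2:
    """Constructed stand-in for boto3.client("ec2") so this runs offline."""

    def __init__(self, enis):
        self.enis = enis  # {eni_id: [group ids]}
        self.tags = {}    # {eni_id: rollback tag value}

    def describe_instances(self, InstanceIds):
        nis = [{"NetworkInterfaceId": e, "Groups": [{"GroupId": g} for g in gs]}
               for e, gs in self.enis.items()]
        inst = {"InstanceId": InstanceIds[0], "NetworkInterfaces": nis}
        return {"Reservations": [{"Instances": [inst]}]}

    def create_tags(self, Resources, Tags):
        for res in Resources:
            self.tags[res] = Tags[0]["Value"]

    def modify_network_interface_attribute(self, NetworkInterfaceId, Groups):
        self.enis[NetworkInterfaceId] = list(Groups)
```

Working per network interface covers instances with more than one ENI, and the skip on already-quarantined interfaces keeps a second run from overwriting the recorded original groups.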
How To Respond
Depending on the use case, this playbook can be modified with several of the available Phantom apps to broaden the scope of the actions it takes. For example, using the AWS WAF or AWS IAM app, additional actions can be added based on the type of alert triggered.
EC2 Instance Isolation Help
Simply deploy Phantom and work with your technical team to deploy this.