Prompt and Block Domain

Description

This playbook uses a reputation check to generate the risk level of a domain and, if the score is high enough, blocks the domain for 60 minutes after approval via user prompt.

Use Case

Security Monitoring, SOC Automation

Category

Account Compromise, Account Sharing, Cloud Security, IAM Analytics, Insider Threat, SaaS

Security Impact

This is a great example of a playbook that automates some actions but prompts an analyst for how best to proceed. This playbook can be expanded to take action automatically based on certain scores and only prompt an analyst for anything in a gray area.

Alert Volume

Very Low

Journey

Stage 5

Data Sources

Web Proxy

How to Implement

Playbooks can be designed to run with full end-to-end automation, but in this example an analyst can be prompted to make a decision on how to proceed based on the information returned from the domain reputation check.
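
The decision flow described above, as an added Python sketch that is not Phantom playbook code and not part of the original page. The 0-100 score scale, both thresholds, the in-memory block list and the `ask_analyst` callback are assumptions; only the 60-minute block duration comes from the description.

```python
from datetime import datetime, timedelta, timezone

BLOCK_MINUTES = 60       # from the playbook description
PROMPT_SCORE = 50        # assumed: below this, no prompt is raised
AUTO_BLOCK_SCORE = 90    # assumed: used only when auto_block is enabled


def normalize(domain):
    """Lower-case and drop a trailing dot so one domain maps to one entry."""
    return domain.strip().lower().rstrip(".")


class Blocklist:
    """In-memory stand-in for the web proxy block list (hypothetical)."""

    def __init__(self):
        self.entries = {}  # domain -> expiry time (UTC)

    def block(self, domain, now):
        self.entries[normalize(domain)] = now + timedelta(minutes=BLOCK_MINUTES)

    def is_blocked(self, domain, now):
        expires = self.entries.get(normalize(domain))
        if expires is not None and now >= expires:
            del self.entries[normalize(domain)]  # block has timed out
            return False
        return expires is not None


def triage(domain, score, blocklist, ask_analyst, now=None, auto_block=False):
    """Return 'no_action', 'auto_blocked', 'blocked_after_approval' or 'declined'."""
    now = now or datetime.now(timezone.utc)
    if not 0 <= score <= 100:
        raise ValueError("reputation score outside the assumed 0-100 scale")
    if score < PROMPT_SCORE:
        return "no_action"
    if auto_block and score >= AUTO_BLOCK_SCORE:
        blocklist.block(domain, now)       # the expansion: skip the prompt
        return "auto_blocked"
    if ask_analyst(domain, score):         # the gray area, or every hit by default
        blocklist.block(domain, now)
        return "blocked_after_approval"
    return "declined"
```

With `auto_block` left off, every domain at or above the prompt threshold goes to the analyst, which matches the playbook as described; turning it on limits prompts to the gray area between the two thresholds.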

How To Respond

This playbook is designed to prompt an analyst about whether or not a domain should be blocked. This playbook can be expanded to support other types of data such as hashes or IPs.

Help

Prompt and Block Domain Help

Simply deploy Phantom and work with your technical team to deploy this.
