Hunt for internal sightings of malicious files or connections to malicious domains or IP addresses.
How to Implement
The threat hunting playbook uses Splunk together with EDR tools to hunt for indicators in the environment. Further actions in the playbook retrieve more information about the indicators and investigate any malicious files that are discovered.
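The core of that hunting step, sweeping endpoint and proxy events for indicator sightings, written in Python as an added example (not the playbook's own code). The indicators and the event records are constructed placeholders, and the matching rules (case-insensitive hashes, parent-domain matching, CIDR containment) are assumptions about how such a hunt should match.

```python
import ipaddress

# Constructed indicator set: placeholder values, not real IoCs
INDICATORS = {
    "sha256": {"a" * 64},
    "domain": {"bad-domain.example"},
    "ip": {"203.0.113.10"},        # TEST-NET-3 documentation range
    "cidr": {"198.51.100.0/24"},   # TEST-NET-2 documentation range
}

# Constructed sample events in the shape an EDR or proxy feed might give Splunk
EVENTS = [
    {"host": "ws01", "type": "file", "sha256": "A" * 64},
    {"host": "ws02", "type": "dns", "query": "cdn.Bad-Domain.example."},
    {"host": "ws03", "type": "net", "dest_ip": "198.51.100.77"},
    {"host": "ws04", "type": "net", "dest_ip": "192.0.2.5"},
]

def match_domain(query, domains):
    """Exact or parent-domain match after lowercasing and stripping the trailing dot."""
    labels = query.strip().lower().rstrip(".").split(".")
    for i in range(len(labels)):          # walk up label by label, never substrings
        if ".".join(labels[i:]) in domains:
            return ".".join(labels[i:])
    return None

def match_ip(addr, ips, cidrs):
    """Exact IP match first, then containment in any indicator CIDR range."""
    if addr in ips:
        return addr
    ip = ipaddress.ip_address(addr)
    return next((c for c in cidrs if ip in ipaddress.ip_network(c)), None)

def hunt(events, ind):
    """Return one sighting per event whose hash, DNS query or destination IP matches."""
    sightings = []
    for ev in events:
        if ev["type"] == "file":
            h = ev["sha256"].lower()      # hashes compare case-insensitively
            hit = ("sha256", h if h in ind["sha256"] else None)
        elif ev["type"] == "dns":
            hit = ("domain", match_domain(ev["query"], ind["domain"]))
        else:
            hit = ("ip", match_ip(ev["dest_ip"], ind["ip"], ind["cidr"]))
        if hit[1]:
            sightings.append({"host": ev["host"], "ioc_type": hit[0], "ioc": hit[1]})
    return sightings

if __name__ == "__main__":
    for s in hunt(EVENTS, INDICATORS):
        print(s)
```

Each sighting carries the host and the indicator it matched, which is what the playbook's later investigative actions need as input.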
How to Respond
This playbook can be used to further investigate any malicious connections or files discovered in the environment. It can also be re-arranged to run the investigative actions first, enriching the threat intel data before hunting for it, and it can be used in conjunction with other playbooks.
Threat Hunting Help
Deploy Phantom and work with your technical team to implement this playbook.