Phishing is involved in almost 40% of security incidents, according to the 2022 Unit 42 Incident Response Threat Report. Attacks that once relied on poorly written phishing emails to find victims have rapidly increased in sophistication and targeting due to the growing amount of personal information easily found on the internet.
SOC analysts might encounter many types of phishing attacks daily, from opportunistic campaigns to spear phishing, some carrying attachments and others just probing for more information. Attackers use phishing techniques to deliver malicious payloads or harvest information for sale or future use. Since phishing email deployment only requires the click of a button, the sheer volume of emails to analyze can be overwhelming and quickly consume SOC resources. If we know analysts are faced with these threats, we need to equip them with the proper tools.
With Cortex XSOAR, phishing response can easily be automated, and it is one of the most popular use cases for automation.
The Phishing pack helps organizations reduce the time spent managing phishing alerts and provides a standardized, methodical process to handle phishing.
The main playbook helps to:
The pack also leverages machine learning to intelligently identify phishing campaigns targeting multiple users in the organization, linking them together and allowing full interaction and control over the campaign from within the incident layout.
The phishing content pack helps automate phishing response via the following steps:
As part of this pack, you will also get out-of-the-box phishing incident views, a full layout, and automation scripts. These are all easily customizable to suit the needs of your organization.
Cortex XSOAR introduced the use case deployment wizard to ease the integration process and playbook parameter configuration. The deployment wizard was introduced earlier this year to help customers adopt automation from the XSOAR marketplace faster and more efficiently.
The wizard has three main phases:
For more information on the Cortex XSOAR Phishing pack, including a quick demo, visit the Phishing page on the Cortex Marketplace. If you need to respond to phishing alerts ingested from email gateway integrations, check out the Phishing Alerts content pack (Phishing content pack required).
Don’t have Cortex XSOAR? Download your free Community Edition today to test out this playbook and hundreds more automations for common use cases you deal with daily in your security operations or SOC.