Playbooks

Automated response and SOAR workflows


Automated response workflows triggered by alerts and cases


Automated triage for phishing alerts — extracts IOCs, checks reputation, and escalates confirmed threats.

0 steps | v1.3 | by soc-team
high, critical

Isolates a compromised endpoint via EDR API, creates a case, and notifies the IR channel.

0 steps | v2.0 | by ir-lead

Responds to suspicious identity events — resets credentials, revokes sessions, and enriches with threat intel.

0 steps | v1.1 | by soc-team
critical
Cloud IAM Audit | schedule | disabled

Periodic audit of IAM roles and policies across AWS, GCP, and Azure — flags over-privileged accounts.

0 steps | v1.0 | by cloud-sec