|
3CXDesktopApp Supply Chain Attack
|
3CXDesktopApp Supply Chain Attack
|
55 |
8 |
0 |
|
ACTI Block High Severity Indicators
Deprecated
|
Accenture CTI v2
|
7 |
3 |
0 |
|
ACTI Block Indicators from an Incident
Deprecated
|
Accenture CTI v2
|
6 |
0 |
0 |
|
ACTI Create Report-Indicator Associations
Deprecated
|
Accenture CTI v2
|
47 |
9 |
0 |
|
ACTI Incident Enrichment
|
Accenture CTI v2
|
14 |
6 |
0 |
|
ACTI Indicator Enrichment
Deprecated
|
Accenture CTI v2
|
8 |
3 |
6 |
|
ACTI Report Enrichment
Deprecated
|
Accenture CTI v2
|
3 |
5 |
5 |
|
ACTI Vulnerability Enrichment
Deprecated
|
Accenture CTI v2
|
5 |
0 |
0 |
|
ASM Issue Incident Response - Google Threat Intelligence
|
GoogleThreatIntelligence
|
21 |
4 |
0 |
|
ATD - Detonate File
|
McAfee Advanced Threat Defense
|
12 |
3 |
32 |
|
AWS - User Investigation
|
AWS Enrichment and Remediation
|
27 |
2 |
9 |
|
AWS IAM - User enrichment
|
AWS - IAM
|
4 |
1 |
10 |
|
AWS IAM User Access Investigation
Deprecated
|
Core
|
15 |
5 |
0 |
|
AWS IAM User Access Investigation - Remediation
Deprecated
|
Core
|
16 |
7 |
0 |
|
Access Investigation - Generic - NIST
|
NIST
|
46 |
6 |
17 |
|
Access Investigation - QRadar
Deprecated
|
IBM QRadar
|
11 |
0 |
0 |
|
Accessdata: Dump memory for malicious process
Deprecated
|
Accessdata (Deprecated)
|
15 |
2 |
2 |
|
Account Enrichment
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
5 |
0 |
0 |
|
Account Enrichment - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
8 |
1 |
8 |
|
Account Enrichment - Generic v2
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
5 |
1 |
8 |
|
Account Enrichment - Generic v2.1
|
Common Playbooks
|
39 |
2 |
145 |
|
Acquire And Analyze Host Forensics
|
Windows Forensics
|
5 |
1 |
0 |
|
Active Directory Investigation
|
Active Directory Query
|
10 |
0 |
0 |
|
Add Employees to Departing Employee Watchlist
|
Code42
|
14 |
2 |
0 |
|
Add Employees to New Hire Watchlist
|
Code42
|
14 |
2 |
0 |
|
Add IOCs - Cofense Vision
|
Cofense Vision
|
12 |
8 |
0 |
|
Add Indicator to Miner - Palo Alto MineMeld
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
6 |
2 |
0 |
|
Add Note - Vectra Detect
|
Vectra AI
|
6 |
2 |
0 |
|
Add Note - Vectra XDR
|
Vectra XDR
|
6 |
0 |
0 |
|
Agari Message Remediation - Agari Phishing Defense
|
Agari Phishing Defense
|
36 |
10 |
0 |
|
Akamai WAF - Activate Network Lists
|
Akamai WAF
|
6 |
4 |
0 |
|
Analyst1 Integration Demonstration
|
Analyst1
|
12 |
0 |
0 |
|
Anomali Enterprise Forensic Search
|
Anomali Enterprise
|
6 |
3 |
9 |
|
Arcanna-Generic-Investigation
|
ArcannaAI
|
13 |
0 |
0 |
|
Arcanna-Generic-Investigation-V2-With-Feedback
Deprecated Hidden
|
ArcannaAI
|
16 |
0 |
0 |
|
Archer initiate incident
Deprecated
|
RSA Archer
|
2 |
0 |
0 |
|
Arcsight - Get events related to the Case
|
ArcSight ESM
|
14 |
0 |
0 |
|
Asimily Asset Info Enrich
|
Asimily Insight
|
5 |
0 |
0 |
|
Assess Wiz Issues
|
Wiz
|
7 |
0 |
0 |
|
Assess WizDefend Detections
|
Wiz
|
9 |
0 |
0 |
|
Assign Active Incidents to Next Shift
|
Shift Management - Assign to Next Shift
|
7 |
1 |
0 |
|
Assign Active Incidents to Next Shift V2
|
Shift Management
|
9 |
1 |
0 |
|
Auto Add Assets - RiskIQ Digital Footprint
|
RiskIQ Digital Footprint
|
5 |
2 |
0 |
|
Auto Update Or Remove Assets - RiskIQ Digital Footprint
|
RiskIQ Digital Footprint
|
6 |
1 |
0 |
|
AutoFocusPolling
|
AutoFocus by Palo Alto Networks
|
6 |
8 |
3 |
|
Autofocus - File Indicators Hunting
Deprecated
|
AutoFocus by Palo Alto Networks
|
7 |
10 |
36 |
|
Autofocus - Hunting And Threat Detection
Deprecated
|
AutoFocus by Palo Alto Networks
|
5 |
14 |
36 |
|
Autofocus - Traffic Indicators Hunting
Deprecated
|
AutoFocus by Palo Alto Networks
|
20 |
11 |
36 |
|
Autofocus Query Samples, Sessions and Tags
Deprecated
|
AutoFocus by Palo Alto Networks
|
15 |
19 |
3 |
|
Azure - User Investigation
|
Azure Enrichment and Remediation
|
36 |
4 |
19 |
|
Azure Configuration Analysis
Deprecated Hidden
|
Microsoft Policy And Compliance (Deprecated)
|
16 |
2 |
0 |
|
Azure Hunting playbook
Deprecated Hidden
|
Microsoft Policy And Compliance (Deprecated)
|
19 |
0 |
0 |
|
BeyondTrust Retrieve Credentials
|
BeyondTrust Password Safe
|
7 |
0 |
3 |
|
Block Account - Generic
Deprecated
|
Common Playbooks
|
9 |
2 |
0 |
|
Block Account - Generic v2
|
Common Playbooks
|
64 |
4 |
1 |
|
Block Domain - Cisco Stealthwatch
|
Cisco Secure Network Analytics (Stealthwatch)
|
5 |
1 |
0 |
|
Block Domain - External Dynamic List
|
Generic Export Indicators Service
|
4 |
2 |
0 |
|
Block Domain - FireEye Email Security
|
FireEye Email Security (EX)
|
5 |
1 |
0 |
|
Block Domain - Generic
Deprecated
|
Common Playbooks
|
7 |
2 |
0 |
|
Block Domain - Generic v2
|
Common Playbooks
|
9 |
4 |
0 |
|
Block Domain - Proofpoint Threat Response
|
Proofpoint Threat Response
|
5 |
3 |
0 |
|
Block Domain - Symantec Messaging Gateway
|
Symantec Messaging Gateway
|
5 |
1 |
0 |
|
Block Domain - Trend Micro Apex One
|
TrendAI™ Apex One
|
5 |
2 |
0 |
|
Block Domain - Zscaler
|
Zscaler Internet Access
|
5 |
1 |
0 |
|
Block Email - Generic
Deprecated
|
Common Playbooks
|
4 |
3 |
0 |
|
Block Email - Generic v2
|
Common Playbooks
|
14 |
1 |
0 |
|
Block Endpoint - Carbon Black Response
Deprecated
|
Carbon Black Enterprise Response
|
6 |
1 |
5 |
|
Block Endpoint - Carbon Black Response V2
Deprecated
|
Carbon Black Enterprise Response
|
6 |
2 |
5 |
|
Block Endpoint - Carbon Black Response V2.1
|
Carbon Black Enterprise Response
|
8 |
2 |
50 |
|
Block File - Carbon Black Response
|
Carbon Black Enterprise Response
|
5 |
2 |
3 |
|
Block File - Cybereason
|
Cybereason
|
5 |
1 |
3 |
|
Block File - Cylance Protect v2
|
Cylance Protect
|
5 |
2 |
3 |
|
Block File - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
3 |
1 |
3 |
|
Block File - Generic v2
|
Common Playbooks
|
14 |
3 |
3 |
|
Block IOCs from CSV - External Dynamic List
Deprecated Hidden
|
Palo Alto Networks PAN-OS EDL Management (Deprecated)
|
7 |
10 |
0 |
|
Block IP - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
11 |
2 |
28 |
|
Block IP - Generic v2
Deprecated
|
Common Playbooks
|
24 |
9 |
28 |
|
Block IP - Generic v3
|
Common Playbooks
|
77 |
16 |
17 |
|
Block Indicator - Infoblox Cloud
|
Infoblox Threat Defense with DDI
|
14 |
4 |
0 |
|
Block Indicator - Infoblox NIOS
|
Infoblox NIOS
|
20 |
2 |
0 |
|
Block Indicators - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
8 |
5 |
27 |
|
Block Indicators - Generic v2
Deprecated
|
Common Playbooks
|
9 |
22 |
27 |
|
Block Indicators - Generic v3
|
Common Playbooks
|
19 |
29 |
28 |
|
Block URL - Generic
Deprecated
|
Common Playbooks
|
14 |
10 |
0 |
|
Block URL - Generic v2
|
Common Playbooks
|
33 |
11 |
0 |
|
BreachRx - Create Incident and get Active Tasks
|
BreachRx
|
3 |
0 |
1 |
|
Bring Asset Data Back - Infoblox NIOS
|
Infoblox NIOS
|
9 |
6 |
0 |
|
Brute Force Investigation - Generic - SANS
|
SANS
|
54 |
21 |
0 |
|
C2SEC-Domain Scan
|
C2sec irisk
|
12 |
3 |
0 |
|
CCTV Motion Detected
|
UnifiVideo NVR
|
16 |
6 |
0 |
|
CTF 1 - Get to know XSOAR8
|
Capture The Flag - 01
|
17 |
0 |
0 |
|
CTF 2 - Classify an incident - RDP Brute force
|
Capture The Flag - 02
|
23 |
0 |
0 |
|
CVE Enrichment - Generic
Deprecated
|
CVE Search (Deprecated)
|
10 |
2 |
6 |
|
CVE Enrichment - Generic v2
|
Common Playbooks
|
13 |
1 |
17 |
|
CVE Exposure - RiskSense
|
RiskSense
|
12 |
2 |
3 |
|
CVE Ticket Creation - Google Threat Intelligence
|
GoogleThreatIntelligence
|
24 |
2 |
0 |
|
CVE-2021-22893 - Pulse Connect Secure RCE
|
Rapid Breach Response
|
35 |
11 |
0 |
|
CVE-2021-22893 - Pulse Connect Secure RCE
|
Rapid Breach Response
|
35 |
13 |
0 |
|
CVE-2021-34527 | CVE-2021-1675 - PrintNightmare
|
Rapid Breach Response
|
35 |
3 |
0 |
|
CVE-2021-40444 - MSHTML RCE
|
CVE-2021-40444 - MSHTML RCE
|
56 |
6 |
0 |
|
CVE-2021-40444 - MSHTML RCE
|
CVE-2021-40444 - MSHTML RCE
|
56 |
9 |
0 |
|
CVE-2021-44228 - Log4j RCE
|
CVE-2021-44228 - Log4j RCE
|
82 |
12 |
0 |
|
CVE-2021-44228 - Log4j RCE
|
CVE-2021-44228 - Log4j RCE
|
82 |
14 |
0 |
|
CVE-2022-26134 - Confluence RCE
|
CVE-2022-26134 - Confluence RCE
|
51 |
7 |
0 |
|
CVE-2022-26134 - Confluence RCE
|
CVE-2022-26134 - Confluence RCE
|
50 |
8 |
0 |
|
CVE-2022-30190 - MSDT RCE
|
CVE-2022-30190 - MSDT RCE
|
45 |
8 |
0 |
|
CVE-2022-3786 & CVE-2022-3602 - OpenSSL X.509 Buffer Overflows
|
CVE-2022-3786 & CVE-2022-3602 - OpenSSL X.509 Buffer Overflows
|
49 |
8 |
0 |
|
CVE-2022-41040 & CVE-2022-41082 - ProxyNotShell
|
CVE-2022-41040 & CVE-2022-41082 - ProxyNotShell
|
76 |
9 |
0 |
|
CVE-2023-23397 - Microsoft Outlook EoP
|
CVE-2023-23397 - Microsoft Outlook EoP
|
57 |
6 |
0 |
|
CVE-2023-34362 - MOVEit Transfer SQL Injection
|
CVE-2023-34362 - MOVEit Transfer SQL Injection
|
63 |
8 |
0 |
|
CVE-2023-36884 - Microsoft Office and Windows HTML RCE
|
CVE-2023-36884 - Microsoft Office and Windows HTML RCE
|
51 |
8 |
0 |
|
CVE-2024-47575 - FortiManager Authentication Bypass
|
CVE-2024-47575 - FortiManager Authentication Bypass
|
14 |
1 |
0 |
|
CVE-2024-6387 - OpenSSH RegreSSHion RCE
|
CVE-2024-6387 - OpenSSH RegreSSHion RCE
|
23 |
4 |
0 |
|
Calculate Severity - 3rd-party integrations
|
Common Playbooks
|
11 |
2 |
1 |
|
Calculate Severity - Cortex XDR Risky Assets
|
Cortex XDR by Palo Alto Networks
|
14 |
2 |
2 |
|
Calculate Severity - Critical Assets v2
|
Common Playbooks
|
32 |
5 |
6 |
|
Calculate Severity - Critical assets
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
12 |
5 |
1 |
|
Calculate Severity - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
10 |
5 |
0 |
|
Calculate Severity - Generic v2
|
Common Playbooks
|
15 |
11 |
5 |
|
Calculate Severity - Indicators DBotScore
|
Common Playbooks
|
8 |
1 |
1 |
|
Calculate Severity - Standard
|
Common Playbooks
|
10 |
2 |
0 |
|
Calculate Severity By Highest DBotScore
|
Common Playbooks
|
10 |
2 |
1 |
|
Caldera Operation
|
MITRE Caldera
|
9 |
0 |
0 |
|
California - Breach Notification
|
US - Breach Notification
|
32 |
7 |
8 |
|
Carbon Black EDR - Enrich Process
|
Carbon Black Enterprise Response
|
4 |
3 |
0 |
|
Carbon Black Live Response - Create active session
|
Carbon Black Enterprise Live Response
|
4 |
1 |
1 |
|
Carbon Black Live Response - Download File
|
Carbon Black Enterprise Live Response
|
8 |
2 |
10 |
|
Carbon Black Live Response - Wait Until Command Complete
|
Carbon Black Enterprise Live Response
|
3 |
2 |
0 |
|
Carbon Black Rapid IOC Hunting
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
5 |
0 |
0 |
|
Carbon Black Response - Unisolate Endpoint
|
Carbon Black Enterprise Response
|
8 |
1 |
0 |
|
Carbon black Protection Rapid IOC Hunting
|
Carbon Black Enterprise Protection
|
6 |
0 |
0 |
|
Case Management - Generic
|
CaseManagement-Generic
|
9 |
0 |
0 |
|
Change Management
|
Change Management
|
5 |
27 |
0 |
|
Check For Content Installation
|
XSOAR Content Update Notifications
|
13 |
1 |
2 |
|
Check IP Address For Whitelisting - RiskIQ Digital Footprint
|
RiskIQ Digital Footprint
|
7 |
2 |
2 |
|
Check Incydr Status and Close XSOAR Incident
|
Code42
|
8 |
2 |
0 |
|
Check Indicators For Unknown Assets - RiskIQ Digital Footprint
|
RiskIQ Digital Footprint
|
9 |
2 |
2 |
|
Check WebEx Feed
Deprecated
|
Cisco WebEx Feed
|
7 |
0 |
0 |
|
Checkpoint Firewall Configuration Backup Playbook
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
9 |
0 |
0 |
|
ChronicleAsset Investigation - Chronicle
|
Google SecOps
|
13 |
4 |
2 |
|
CimTrak - Example - Scan Compliance By IP
|
CimTrak - System Integrity Assurance
|
4 |
1 |
0 |
|
Claroty Incident
|
Claroty
|
5 |
0 |
0 |
|
Claroty Manage Asset CVEs
|
Claroty
|
8 |
0 |
0 |
|
Cloaked Ursa Diplomatic Phishing Campaign
|
Cloaked Ursa Diplomatic Phishing Campaign
|
42 |
9 |
0 |
|
Close All Duplicate XSOAR Incidents - Vectra Detect
|
Vectra AI
|
4 |
4 |
0 |
|
Close Duplicate XSOAR Incidents - Vectra Detect
|
Vectra AI
|
5 |
4 |
0 |
|
Close Related XSOAR and Incydr Incidents
|
Code42
|
8 |
0 |
0 |
|
Cloud Compute Enrichment - Generic
|
Common Playbooks
|
9 |
6 |
27 |
|
Cloud Credentials Rotation - AWS
|
AWS Enrichment and Remediation
|
36 |
9 |
4 |
|
Cloud Credentials Rotation - Azure
|
Azure Enrichment and Remediation
|
14 |
5 |
2 |
|
Cloud Credentials Rotation - GCP
|
GCP Enrichment and Remediation
|
18 |
7 |
3 |
|
Cloud Credentials Rotation - Generic
|
Common Playbooks
|
6 |
18 |
9 |
|
Cloud Data Exfiltration Response
|
Cloud Incident Response
|
26 |
7 |
0 |
|
Cloud Enrichment - Generic
|
Common Playbooks
|
4 |
9 |
22 |
|
Cloud IAM Enrichment - Generic
|
Common Playbooks
|
25 |
4 |
24 |
|
Cloud IAM User Access Investigation
|
Cloud Incident Response
|
23 |
33 |
0 |
|
Cloud Response - AWS
|
AWS Enrichment and Remediation
|
36 |
12 |
0 |
|
Cloud Response - Azure
|
Azure Enrichment and Remediation
|
28 |
9 |
0 |
|
Cloud Response - GCP
|
GCP Enrichment and Remediation
|
40 |
14 |
0 |
|
Cloud Response - Generic
|
Common Playbooks
|
12 |
23 |
0 |
|
Cloud Threat Hunting - Persistence
|
Cloud Incident Response
|
23 |
8 |
7 |
|
Cloud Token Theft - Set Verdict
|
Cloud Incident Response
|
12 |
2 |
2 |
|
Cloud Token Theft Response
|
Cloud Incident Response
|
42 |
11 |
0 |
|
Cloud User Investigation - Generic
|
Common Playbooks
|
12 |
8 |
36 |
|
Cluster Report Categorization - Cofense Triage v3
|
Cofense Triage
|
6 |
2 |
0 |
|
Code42 Add Departing Employee From Ticketing System v2
|
Code42
|
6 |
1 |
0 |
|
Code42 Copy File To Ticketing System v2
|
Code42
|
5 |
3 |
0 |
|
Code42 Exfiltration Playbook
|
Code42
|
25 |
5 |
0 |
|
Code42 File Download
|
Code42
|
7 |
4 |
10 |
|
Code42 File Search
|
Code42
|
7 |
2 |
44 |
|
Code42 File Search v2
|
Code42
|
7 |
2 |
18 |
|
Code42 Security Alert
|
Code42
|
8 |
0 |
0 |
|
Code42 Suspicious Activity Action v2
|
Code42
|
8 |
3 |
0 |
|
Code42 Suspicious Activity Review v2
|
Code42
|
9 |
3 |
0 |
|
Codecov Breach - Bash Uploader
|
Rapid Breach Response
|
25 |
6 |
0 |
|
Command-Line Analysis
|
Common Playbooks
|
34 |
2 |
16 |
|
Commvault Suspicious File Activity Remediation
|
Commvault Cloud
|
9 |
0 |
0 |
|
Compare Process Execution Arguments To LOLBAS Patterns
|
LOLBAS Feed
|
8 |
3 |
1 |
|
Comprehensive PAN-OS Best Practice Assessment (Deprecated)
Deprecated
|
Best Practice Assessment (BPA) by Palo Alto Networks (Deprecated)
|
7 |
1 |
0 |
|
Compromised Credentials Match - Flashpoint
|
Flashpoint
|
11 |
3 |
0 |
|
Configuration Setup
|
XSOAR CI/CD
|
31 |
2 |
0 |
|
Containment Plan
|
Common Playbooks
|
18 |
17 |
4 |
|
Containment Plan - Block Indicators
|
Common Playbooks
|
15 |
10 |
1 |
|
Containment Plan - Clear User Sessions
|
Common Playbooks
|
15 |
3 |
0 |
|
Containment Plan - Disable Account
|
Common Playbooks
|
6 |
3 |
1 |
|
Containment Plan - Isolate Device
|
Common Playbooks
|
11 |
3 |
1 |
|
Containment Plan - Quarantine File
|
Common Playbooks
|
16 |
6 |
1 |
|
Content Update Check
Deprecated Hidden
|
XSOAR Content Update Notifications
|
28 |
4 |
0 |
|
Content Update Manager
|
XSOAR Content Update Notifications
|
46 |
7 |
0 |
|
Content developer setup
|
Tidy
|
25 |
3 |
1 |
|
Context Polling - DT
|
Common Playbooks
|
5 |
7 |
0 |
|
Context Polling - Generic
|
Common Playbooks
|
3 |
4 |
0 |
|
Convert file hash to corresponding hashes
|
Common Playbooks
|
20 |
3 |
4 |
|
Cortex XDR - AWS IAM user access investigation
Deprecated
|
Cortex XDR by Palo Alto Networks
|
35 |
4 |
0 |
|
Cortex XDR - Block File
|
Cortex XDR by Palo Alto Networks
|
5 |
1 |
0 |
|
Cortex XDR - CVE-2025-31324 - SAP NetWeaver Visual Composer
|
CVE-2025-31324 - SAP NetWeaver Visual Composer
|
63 |
4 |
0 |
|
Cortex XDR - CVE-2025-49704 and CVE-2025-49706 and CVE-2025-53770 and CVE-2025-53771 - Microsoft SharePoint ToolShell vulnerability chain
|
CVE-2025-49704 and CVE-2025-49706 and CVE-2025-53770 and CVE-2025-53771 - Microsoft SharePoint ToolShell vulnerability chain
|
76 |
0 |
0 |
|
Cortex XDR - CVE-2025-59287 - Microsoft WSUS Remote Code Execution
|
CVE-2025-59287 - Microsoft WSUS Remote Code Execution
|
54 |
0 |
0 |
|
Cortex XDR - Cloud Data Exfiltration Response
|
Cloud Incident Response
|
22 |
8 |
0 |
|
Cortex XDR - Cloud Enrichment
|
Cloud Incident Response
|
22 |
2 |
9 |
|
Cortex XDR - Cloud IAM User Access Investigation
|
Cloud Incident Response
|
16 |
14 |
0 |
|
Cortex XDR - Display Risky Assets
|
Cortex XDR by Palo Alto Networks
|
12 |
2 |
0 |
|
Cortex XDR - Endpoint Investigation
|
Cortex XDR by Palo Alto Networks
|
57 |
22 |
14 |
|
Cortex XDR - Execute commands
Deprecated
|
Cortex XDR by Palo Alto Networks
|
5 |
4 |
0 |
|
Cortex XDR - Execute snippet code script
Deprecated
|
Cortex XDR by Palo Alto Networks
|
5 |
2 |
1 |
|
Cortex XDR - False Positive Incident Handling
|
Cortex XDR by Palo Alto Networks
|
14 |
6 |
0 |
|
Cortex XDR - First SSO Access
Deprecated
|
Cortex XDR by Palo Alto Networks
|
40 |
25 |
0 |
|
Cortex XDR - First SSO Access - Set Verdict
Deprecated
|
Cortex XDR by Palo Alto Networks
|
24 |
15 |
1 |
|
Cortex XDR - Get File Path from alerts by hash
|
Cortex XDR by Palo Alto Networks
|
5 |
1 |
1 |
|
Cortex XDR - Get entity alerts by MITRE tactics
|
Cortex XDR by Palo Alto Networks
|
46 |
16 |
2 |
|
Cortex XDR - Get entity alerts by MITRE tactics CTF
|
Capture The Flag - 01
|
42 |
16 |
2 |
|
Cortex XDR - Identity Analytics
|
Cortex XDR by Palo Alto Networks
|
30 |
12 |
0 |
|
Cortex XDR - Isolate Endpoint
|
Cortex XDR by Palo Alto Networks
|
8 |
3 |
6 |
|
Cortex XDR - Malicious Pod Response - Agent
|
Cloud Incident Response
|
10 |
3 |
0 |
|
Cortex XDR - Possible External RDP Brute-Force
|
Cortex XDR by Palo Alto Networks
|
59 |
14 |
0 |
|
Cortex XDR - Possible External RDP Brute-Force - Set Verdict
|
Cortex XDR by Palo Alto Networks
|
16 |
7 |
1 |
|
Cortex XDR - Possible External RDP Brute-Force CTF
|
Capture The Flag - 01
|
25 |
13 |
0 |
|
Cortex XDR - PrintNightmare Detection and Response
|
Cortex XDR by Palo Alto Networks
|
36 |
5 |
0 |
|
Cortex XDR - Retrieve File by sha256
|
Cortex XDR by Palo Alto Networks
|
9 |
1 |
10 |
|
Cortex XDR - Run script
Deprecated
|
Cortex XDR by Palo Alto Networks
|
5 |
5 |
1 |
|
Cortex XDR - Search And Block Software - XQL Engine
|
Cortex XDR by Palo Alto Networks
|
20 |
2 |
0 |
|
Cortex XDR - Search and Compare Process Executions - XDR Alerts
|
Cortex XDR by Palo Alto Networks
|
10 |
4 |
2 |
|
Cortex XDR - Search and Compare Process Executions - XQL Engine
|
Cortex XDR by Palo Alto Networks
|
10 |
3 |
2 |
|
Cortex XDR - True Positive Incident Handling
|
Cortex XDR by Palo Alto Networks
|
37 |
14 |
0 |
|
Cortex XDR - Unisolate Endpoint
|
Cortex XDR by Palo Alto Networks
|
7 |
3 |
0 |
|
Cortex XDR - XCloud Cryptojacking
|
Cloud Incident Response
|
23 |
24 |
0 |
|
Cortex XDR - XCloud Cryptojacking - Set Verdict
|
Cloud Incident Response
|
9 |
0 |
1 |
|
Cortex XDR - XCloud Token Theft - Set Verdict
|
Cloud Incident Response
|
12 |
1 |
2 |
|
Cortex XDR - XCloud Token Theft Response
|
Cloud Incident Response
|
42 |
14 |
0 |
|
Cortex XDR - check file existence
Deprecated
|
Cortex XDR by Palo Alto Networks
|
5 |
4 |
1 |
|
Cortex XDR - delete file
Deprecated
|
Cortex XDR by Palo Alto Networks
|
5 |
4 |
1 |
|
Cortex XDR - kill process
Deprecated
|
Cortex XDR by Palo Alto Networks
|
5 |
4 |
2 |
|
Cortex XDR Alerts Handling CTF
|
Capture The Flag - 01
|
12 |
2 |
38 |
|
Cortex XDR IOCs - Disable expired IOCs in XDR
|
Cortex XDR by Palo Alto Networks
|
9 |
2 |
0 |
|
Cortex XDR IOCs - Push new IOCs to XDR
|
Cortex XDR by Palo Alto Networks
|
24 |
2 |
0 |
|
Cortex XDR IOCs - Push new IOCs to XDR (Main)
|
Cortex XDR by Palo Alto Networks
|
7 |
2 |
0 |
|
Cortex XDR Lite - Incident Handling
|
Cortex XDR by Palo Alto Networks
|
32 |
10 |
0 |
|
Cortex XDR Malware - Incident Enrichment
|
Cortex XDR by Palo Alto Networks
|
24 |
1 |
15 |
|
Cortex XDR Malware - Investigation And Response
|
Cortex XDR by Palo Alto Networks
|
43 |
17 |
1 |
|
Cortex XDR Remote PsExec with LOLBIN command execution alert
|
Cortex XDR by Palo Alto Networks
|
19 |
6 |
0 |
|
Cortex XDR device control violations
|
Cortex XDR by Palo Alto Networks
|
13 |
6 |
0 |
|
Cortex XDR disconnected endpoints
|
Cortex XDR by Palo Alto Networks
|
11 |
4 |
0 |
|
Cortex XDR incident handling v3 CTF
|
Capture The Flag - 01
|
14 |
7 |
0 |
|
Courses of Action - Collection
|
MITRE ATT&CK - Courses of Action
|
8 |
1 |
2 |
|
Courses of Action - Command and Control
|
MITRE ATT&CK - Courses of Action
|
14 |
5 |
2 |
|
Courses of Action - Credential Access
|
MITRE ATT&CK - Courses of Action
|
11 |
4 |
2 |
|
Courses of Action - Defense Evasion
|
MITRE ATT&CK - Courses of Action
|
17 |
5 |
2 |
|
Courses of Action - Discovery
|
MITRE ATT&CK - Courses of Action
|
20 |
1 |
2 |
|
Courses of Action - Execution
|
MITRE ATT&CK - Courses of Action
|
17 |
5 |
2 |
|
Courses of Action - Exfiltration
|
MITRE ATT&CK - Courses of Action
|
14 |
4 |
2 |
|
Courses of Action - Impact
|
MITRE ATT&CK - Courses of Action
|
8 |
1 |
2 |
|
Courses of Action - Initial Access
|
MITRE ATT&CK - Courses of Action
|
23 |
5 |
2 |
|
Courses of Action - Lateral Movement
|
MITRE ATT&CK - Courses of Action
|
8 |
1 |
2 |
|
Courses of Action - Persistence
|
MITRE ATT&CK - Courses of Action
|
17 |
4 |
2 |
|
Courses of Action - Privilege Escalation
|
MITRE ATT&CK - Courses of Action
|
20 |
4 |
2 |
|
Create Jira Issue
|
Atlassian Jira
|
9 |
13 |
0 |
|
Create ServiceNow Ticket
|
ServiceNow
|
8 |
16 |
13 |
|
Create list for PTH
|
CertStream
|
27 |
4 |
0 |
|
CrowdStrike Endpoint Enrichment
Deprecated Hidden
|
FalconHost (Deprecated)
|
5 |
1 |
8 |
|
CrowdStrike Falcon - False Positive Incident Handling
|
CrowdStrike Falcon
|
21 |
7 |
0 |
|
CrowdStrike Falcon - Get Detections by Case
|
CrowdStrike Falcon
|
7 |
1 |
3 |
|
CrowdStrike Falcon - Get Detections by Incident
Deprecated
|
CrowdStrike Falcon
|
6 |
1 |
2 |
|
CrowdStrike Falcon - Get Endpoint Forensics Data
|
CrowdStrike Falcon
|
9 |
1 |
3 |
|
CrowdStrike Falcon - Retrieve File
|
CrowdStrike Falcon
|
8 |
4 |
2 |
|
CrowdStrike Falcon - SIEM ingestion Get Incident Data
|
CrowdStrike Falcon
|
17 |
5 |
19 |
|
CrowdStrike Falcon - Search Endpoints By Hash
|
CrowdStrike Falcon
|
19 |
4 |
10 |
|
CrowdStrike Falcon - Search Endpoints By Indicators
|
CrowdStrike Falcon
|
21 |
7 |
10 |
|
CrowdStrike Falcon - T1059 - Command and Scripting Interpreter
|
CrowdStrike Falcon
|
33 |
2 |
0 |
|
CrowdStrike Falcon - True Positive Incident Handling
|
CrowdStrike Falcon
|
42 |
17 |
0 |
|
CrowdStrike Falcon Intelligence Sandbox Detonate and Analyze File
|
CrowdStrike Falcon Intelligence Sandbox
|
8 |
10 |
5 |
|
CrowdStrike Falcon Malware - Incident Enrichment
|
CrowdStrike Falcon
|
27 |
1 |
3 |
|
CrowdStrike Falcon Malware - Investigation and Response
|
CrowdStrike Falcon
|
49 |
18 |
2 |
|
CrowdStrike Falcon Malware - Verify Containment Actions
|
CrowdStrike Falcon
|
20 |
1 |
3 |
|
CrowdStrike Falcon Sandbox - Detonate file
Deprecated
|
CrowdStrike Falcon Sandbox
|
9 |
4 |
14 |
|
CrowdStrike Rapid IOC Hunting
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
17 |
0 |
0 |
|
CrowdStrike Rapid IOC Hunting v2
Deprecated Hidden
|
FalconHost (Deprecated)
|
17 |
0 |
0 |
|
Crowdstrike Falcon - Isolate Endpoint
|
CrowdStrike Falcon
|
7 |
1 |
0 |
|
Crowdstrike Falcon - Unisolate Endpoint
|
CrowdStrike Falcon
|
7 |
1 |
0 |
|
CyberBlindspot Incident Management
|
CTM360
|
20 |
0 |
0 |
|
CyberBlindspot Incident Management V2
|
CTM360
|
16 |
0 |
0 |
|
CyberBlindspot Incident Management V3
|
CTM360
|
19 |
0 |
0 |
|
CyberBlindspot Retrieve Incident Screenshots
|
CTM360
|
8 |
0 |
0 |
|
Cybereason - Download Close File
|
Cybereason
|
5 |
2 |
0 |
|
Cybereason - Download File
|
Cybereason
|
5 |
2 |
0 |
|
Cyble Intel Alert
|
Cyble Events (Deprecated)
|
2 |
0 |
0 |
|
Cyble Vision Alert V2
|
CybleEventsV2
|
2 |
2 |
0 |
|
D2 - Endpoint data collection
|
D2 (Deprecated)
|
11 |
4 |
0 |
|
DBot Create Phishing Classifier
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
8 |
11 |
3 |
|
DBot Create Phishing Classifier Job
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
5 |
0 |
0 |
|
DBot Create Phishing Classifier V2
|
Machine Learning
|
8 |
15 |
5 |
|
DBot Create Phishing Classifier V2 From File
|
Machine Learning
|
4 |
16 |
4 |
|
DBot Create Phishing Classifier V2 Job
|
Machine Learning
|
5 |
0 |
0 |
|
DBot Indicator Enrichment - Generic
|
Common Playbooks
|
15 |
6 |
5 |
|
DLP - Get Approval
|
Enterprise DLP by Palo Alto Networks
|
15 |
4 |
0 |
|
DLP - Get User Feedback
|
Enterprise DLP by Palo Alto Networks
|
24 |
5 |
1 |
|
DLP - Get User Feedback via Email
|
Enterprise DLP by Palo Alto Networks
|
10 |
7 |
1 |
|
DLP - User Message App Check
|
Enterprise DLP by Palo Alto Networks
|
13 |
3 |
2 |
|
DNSDB - IPs from Hostname
|
Farsight DNSDB
|
7 |
1 |
1 |
|
DNSDB - Related Hostnames from Hostname
|
Farsight DNSDB
|
11 |
1 |
1 |
|
DSPM Jira Ticket Creation
|
DSPM
|
9 |
0 |
0 |
|
DSPM Multi-Cloud Risk Remediation
|
DSPM
|
38 |
3 |
0 |
|
DSPM Re-run incident
|
DSPM
|
4 |
1 |
0 |
|
DSPM Remediation for Empty storage asset
|
DSPM
|
23 |
0 |
0 |
|
DSPM Remediation for Sensitive asset open to world
|
DSPM
|
26 |
0 |
0 |
|
DSPM Send Slack Notification to User
|
DSPM
|
24 |
3 |
0 |
|
DSPM Valid User Response
|
DSPM
|
23 |
1 |
0 |
|
DSPM notify user in case of error
|
DSPM
|
17 |
1 |
0 |
|
DTM Alert Incident Response - Google Threat Intelligence
|
GoogleThreatIntelligence
|
19 |
4 |
0 |
|
Darkmon - Block IOC
|
Darkmon
|
4 |
3 |
0 |
|
Darkmon - Brand-Targeted NRD Watch
|
Darkmon
|
9 |
1 |
1 |
|
Darkmon - Compromised Account Response
|
Darkmon
|
9 |
1 |
0 |
|
Darkmon - Compromised Credentials Sweep
|
Darkmon
|
8 |
0 |
2 |
|
Darkmon - Compromised Employee Auto-Disable
|
Darkmon
|
11 |
1 |
1 |
|
Darkmon - Critical CVE Pipeline
|
Darkmon
|
9 |
1 |
1 |
|
Darkmon - EDR Alert Enrichment
|
Darkmon
|
6 |
0 |
1 |
|
Darkmon - Email Deep Dive
|
Darkmon
|
10 |
1 |
5 |
|
Darkmon - Enrich Domain
|
Darkmon
|
5 |
1 |
9 |
|
Darkmon - Enrich Email
|
Darkmon
|
5 |
1 |
9 |
|
Darkmon - Enrich File
|
Darkmon
|
5 |
1 |
9 |
|
Darkmon - Enrich IP
|
Darkmon
|
5 |
1 |
9 |
|
Darkmon - Enrich URL
|
Darkmon
|
5 |
1 |
9 |
|
Darkmon - Generic Block Indicator
|
Darkmon
|
8 |
3 |
0 |
|
Darkmon - Generic Notify
|
Darkmon
|
9 |
5 |
0 |
|
Darkmon - Generic User Action
|
Darkmon
|
10 |
3 |
0 |
|
Darkmon - Phishing Email Triage
|
Darkmon
|
10 |
1 |
2 |
|
Darkmon - Ransomware Mentions Watch
|
Darkmon
|
8 |
0 |
0 |
|
Darkmon - Ransomware Victim Response
|
Darkmon
|
6 |
2 |
0 |
|
Darkmon - VIP Email Monitor
|
Darkmon
|
6 |
0 |
1 |
|
Darktrace ASM Basic Risk Handler
|
DarktraceASM
|
7 |
0 |
0 |
|
Darktrace Basic AI Analyst Event Handler
|
Darktrace
|
11 |
0 |
0 |
|
Darktrace Basic Model Breach Handler
|
Darktrace
|
10 |
0 |
0 |
|
Darktrace Email Basic Email Handler
|
Darktrace
|
13 |
0 |
0 |
|
Darktrace Email Update Incident Fields
|
Darktrace
|
6 |
0 |
0 |
|
DataBee Enrichment
|
DataBee
|
16 |
1 |
0 |
|
DeCYFIR - v1
|
DeCYFIR
|
16 |
0 |
0 |
|
DeDup incidents
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
5 |
5 |
1 |
|
DeDup incidents - ML
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
7 |
1 |
2 |
|
Dedup - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
8 |
7 |
2 |
|
Dedup - Generic v2
Deprecated Hidden
|
Common Playbooks
|
14 |
9 |
2 |
|
Dedup - Generic v3
Deprecated
|
Common Playbooks
|
15 |
12 |
2 |
|
Dedup - Generic v4
|
Common Playbooks
|
16 |
12 |
2 |
|
DeepL Translate Document
|
DeepL
|
7 |
7 |
1 |
|
Delete Custom Content
|
XSOAR CI/CD
|
10 |
2 |
0 |
|
Demisto Self-Defense - Account policy monitoring playbook
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
8 |
0 |
0 |
|
Departing Employee Auto-Add
|
Code42
|
12 |
0 |
0 |
|
Departing Employee Clean-Up
|
Code42
|
11 |
0 |
0 |
|
Detections Assessment - Vectra XDR
|
Vectra XDR
|
7 |
2 |
0 |
|
Detonate File - ANYRUN
Deprecated
|
ANY.RUN
|
7 |
3 |
69 |
|
Detonate File - BitDam
|
BitDam
|
9 |
3 |
7 |
|
Detonate File - Cuckoo
|
Cuckoo Sandbox
|
10 |
3 |
32 |
|
Detonate File - FireEye AX
|
FireEye (AX Series)
|
9 |
3 |
14 |
|
Detonate File - FireEye Detection on Demand
|
FireEye Detection on Demand
|
7 |
3 |
1 |
|
Detonate File - FortiSandbox
Deprecated
|
FortiSandbox
|
10 |
2 |
0 |
|
Detonate File - Generic
|
Common Playbooks
|
21 |
3 |
489 |
|
Detonate File - Group-IB TDS Polygon
|
Polygon
|
11 |
4 |
46 |
|
Detonate File - HybridAnalysis
Deprecated
|
Hybrid Analysis (Deprecated)
|
7 |
8 |
21 |
|
Detonate File - JoeSecurity
Deprecated
|
Joe Security
|
9 |
7 |
30 |
|
Detonate File - JoeSecurity V2
|
Joe Security
|
9 |
5 |
34 |
|
Detonate File - Lastline
|
Lastline
|
11 |
3 |
38 |
|
Detonate File - Lastline v2
|
Lastline
|
11 |
3 |
38 |
|
Detonate File - SNDBOX
Deprecated Hidden
|
SNDBOX (Deprecated)
|
12 |
3 |
33 |
|
Detonate File - Symantec Blue Coat Content and Malware Analysis Beta
|
Symantec Blue Coat Content and Malware Analysis (Beta)
|
9 |
2 |
23 |
|
Detonate File - ThreatGrid
Deprecated
|
Cisco Secure Malware Analytics
|
10 |
9 |
16 |
|
Detonate File - ThreatGrid v2
|
Cisco Secure Malware Analytics
|
8 |
3 |
3 |
|
Detonate File - ThreatStream
|
Anomali ThreatStream
|
9 |
7 |
14 |
|
Detonate File - Trend Micro Deep Discovery Analyzer Beta
|
TrendAI™ Deep Discovery™ Analyzer
|
10 |
3 |
17 |
|
Detonate File - VMRay
|
VMRay Analyzer
|
15 |
3 |
61 |
|
Detonate File From URL - ANYRUN
Deprecated
|
ANY.RUN
|
7 |
3 |
69 |
|
Detonate File From URL - JoeSecurity
Deprecated
|
Joe Security
|
7 |
7 |
14 |
|
Detonate File From URL - WildFire
Deprecated
|
WildFire by Palo Alto Networks
|
8 |
4 |
30 |
|
Detonate Remote File from URL - McAfee ATD
|
McAfee Advanced Threat Defense
|
10 |
3 |
31 |
|
Detonate URL - ANYRUN
Deprecated
|
ANY.RUN
|
7 |
3 |
60 |
|
Detonate URL - CrowdStrike
Deprecated
|
CrowdStrike Falcon Sandbox
|
8 |
5 |
14 |
|
Detonate URL - Cuckoo
|
Cuckoo Sandbox
|
9 |
3 |
22 |
|
Detonate URL - FireEye AX
|
FireEye (AX Series)
|
9 |
4 |
6 |
|
Detonate URL - Generic
Deprecated
|
Common Playbooks
|
21 |
1 |
138 |
|
Detonate URL - Generic v1.5
|
Common Playbooks
|
23 |
2 |
631 |
|
Detonate URL - Group-IB TDS Polygon
|
Polygon
|
10 |
3 |
46 |
|
Detonate URL - Hatching Triage
|
Hatching Triage
|
9 |
3 |
10 |
|
Detonate URL - Hybrid Analysis
Deprecated
|
Hybrid Analysis (Deprecated)
|
9 |
3 |
4 |
|
Detonate URL - JoeSecurity
Deprecated
|
Joe Security
|
9 |
7 |
30 |
|
Detonate URL - Lastline
|
Lastline
|
9 |
3 |
36 |
|
Detonate URL - Lastline v2
|
Lastline
|
9 |
3 |
36 |
|
Detonate URL - McAfee ATD
|
McAfee Advanced Threat Defense
|
10 |
3 |
31 |
|
Detonate URL - Phish.AI
Deprecated Hidden
|
Phish.AI (Deprecated)
|
7 |
3 |
13 |
|
Detonate URL - Symantec Blue Coat Content and Malware Analysis Beta
|
Symantec Blue Coat Content and Malware Analysis (Beta)
|
6 |
2 |
23 |
|
Detonate URL - ThreatGrid
Deprecated
|
Cisco Secure Malware Analytics
|
7 |
9 |
16 |
|
Detonate URL - ThreatGrid v2
|
Cisco Secure Malware Analytics
|
5 |
3 |
9 |
|
Detonate URL - ThreatStream
|
Anomali ThreatStream
|
7 |
7 |
26 |
|
Detonate URL - Trend Micro Deep Discovery Analyzer Beta
|
TrendAI™ Deep Discovery™ Analyzer
|
8 |
3 |
23 |
|
Detonate URL - VMRay
|
VMRay Analyzer
|
15 |
3 |
61 |
|
Detonate URL - WildFire v2.1
Deprecated
|
WildFire by Palo Alto Networks
|
14 |
4 |
38 |
|
Detonate URL - WildFire-v2
Deprecated
|
WildFire by Palo Alto Networks
|
10 |
4 |
30 |
|
Detonate and Analyze File - Generic
|
Common Playbooks
|
18 |
1 |
52 |
|
Detonate and Analyze File - JoeSecurity
Deprecated
|
Joe Security
|
9 |
20 |
84 |
|
Detonate file - CrowdStrike Falcon Sandbox v2
|
CrowdStrike Falcon Sandbox
|
8 |
2 |
14 |
|
Digital Defense FrontlineVM - Old Vulnerabilities Found
|
Digital Defense Frontline VM
|
6 |
1 |
0 |
|
Digital Defense FrontlineVM - PAN-OS block assets
|
Digital Defense Frontline VM
|
13 |
0 |
0 |
|
Digital Defense FrontlineVM - Scan Asset Not Recently Scanned
|
Digital Defense Frontline VM
|
7 |
0 |
0 |
|
Digital Guardian Demo Playbook
|
Digital Guardian
|
15 |
4 |
0 |
|
Dispatch Incident - Vectra Detect
|
Vectra AI
|
12 |
3 |
0 |
|
Dispatch Incident - Vectra XDR
|
Vectra XDR
|
11 |
1 |
0 |
|
Domain Enrichment - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
9 |
2 |
2 |
|
Domain Enrichment - Generic v2
|
Common Playbooks
|
9 |
2 |
29 |
|
Domain Enrichment - Infoblox Cloud
|
Infoblox Threat Defense with DDI
|
10 |
1 |
0 |
|
Doppel Screenshot Preview
|
Doppel
|
5 |
1 |
0 |
|
EDL Monitor- Email EDL content
|
EDL Monitor
|
3 |
0 |
0 |
|
Email Address Enrichment - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
15 |
3 |
17 |
|
Email Address Enrichment - Generic v2
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
13 |
3 |
17 |
|
Email Address Enrichment - Generic v2.1
|
Common Playbooks
|
17 |
4 |
61 |
|
Email Collection by Enriched Domain - Google Threat Intelligence
|
GoogleThreatIntelligence
|
5 |
1 |
1 |
|
Email Headers Check - Generic
|
Common Playbooks
|
9 |
2 |
2 |
|
Endpoint Enrichment - Cylance Protect v2
|
Cylance Protect
|
7 |
1 |
1 |
|
Endpoint Enrichment - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
22 |
1 |
6 |
|
Endpoint Enrichment - Generic v2
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
19 |
1 |
6 |
|
Endpoint Enrichment - Generic v2.1
|
Common Playbooks
|
28 |
4 |
45 |
|
Endpoint Enrichment - Generic v2.1
|
Common Playbooks
|
31 |
4 |
221 |
|
Endpoint Investigation Plan
|
Common Playbooks
|
53 |
20 |
0 |
|
Endpoint Malware Investigation - Generic
Deprecated
|
Malware Core
|
34 |
8 |
0 |
|
Endpoint Malware Investigation - Generic V2
Deprecated
|
Malware Core
|
68 |
25 |
0 |
|
Endpoint data collection
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
7 |
2 |
0 |
|
Enrich Custom IOCs - Dataminr Pulse
|
Dataminr Pulse
|
16 |
3 |
0 |
|
Enrich DXL with ATD verdict
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
5 |
0 |
0 |
|
Enrich DXL with ATD verdict v2
|
McAfee DXL
|
5 |
0 |
0 |
|
Enrich Incident With Asset Details - RiskIQ Digital Footprint
|
RiskIQ Digital Footprint
|
24 |
4 |
0 |
|
Enrich McAfee DXL using 3rd party sandbox
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
5 |
0 |
0 |
|
Enrich McAfee DXL using 3rd party sandbox v2
|
McAfee DXL
|
5 |
0 |
0 |
|
Enrich ThinkstCanary Events
|
Thinkst Canary
|
2 |
0 |
0 |
|
Enrichment Playbook
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
14 |
0 |
0 |
|
Enrichment for Verdict
|
Common Playbooks
|
29 |
15 |
39 |
|
Entity Enrichment - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
9 |
10 |
37 |
|
Entity Enrichment - Generic v2
|
Common Playbooks
|
9 |
13 |
336 |
|
Eradication Plan
|
Common Playbooks
|
13 |
8 |
1 |
|
Eradication Plan - Delete File
|
Common Playbooks
|
5 |
3 |
0 |
|
Eradication Plan - Reset Password
|
Common Playbooks
|
7 |
2 |
0 |
|
Eradication Plan - Terminate Process
|
Common Playbooks
|
17 |
4 |
1 |
|
Exchange 2016 Search and Delete
|
Exchange 2016 Compliance Search
|
10 |
1 |
0 |
|
Expanse Attribution
Deprecated
|
Cortex Xpanse by Palo Alto Networks (Deprecated)
|
39 |
7 |
4 |
|
Expanse Enrich Cloud Assets
Deprecated
|
Cortex Xpanse by Palo Alto Networks (Deprecated)
|
13 |
7 |
1 |
|
Expanse Find Cloud IP Address Region and Service
Deprecated
|
Cortex Xpanse by Palo Alto Networks (Deprecated)
|
7 |
5 |
1 |
|
Expanse Load-Create List
Deprecated
|
Cortex Xpanse by Palo Alto Networks (Deprecated)
|
8 |
2 |
1 |
|
Expanse Unmanaged Cloud
Deprecated
|
Cortex Xpanse by Palo Alto Networks (Deprecated)
|
24 |
3 |
0 |
|
Expanse VM Enrich
Deprecated
|
Cortex Xpanse by Palo Alto Networks (Deprecated)
|
20 |
0 |
0 |
|
Expire Inactive Detections - Vectra RUX
|
Vectra RUX
|
5 |
1 |
2 |
|
ExtraHop - CVE-2019-0708 (BlueKeep)
|
ExtraHop Reveal(x)
|
10 |
1 |
4 |
|
ExtraHop - Default
|
ExtraHop Reveal(x)
|
9 |
0 |
4 |
|
ExtraHop - Get Peers by Host
|
ExtraHop Reveal(x)
|
8 |
5 |
2 |
|
ExtraHop - Ticket Tracking
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
13 |
1 |
0 |
|
ExtraHop - Ticket Tracking v2
|
ExtraHop Reveal(x)
|
13 |
1 |
0 |
|
Extract Indicators - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
7 |
1 |
7 |
|
Extract Indicators From File - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
12 |
1 |
17 |
|
Extract and Enrich Expanse Indicators
Deprecated
|
Cortex Xpanse by Palo Alto Networks (Deprecated)
|
37 |
3 |
8 |
|
Failed Login Playbook - Slack v2
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
9 |
0 |
0 |
|
Failed Login Playbook With Slack
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
9 |
0 |
0 |
|
Fetch All Violations - Securonix
|
Securonix
|
6 |
3 |
0 |
|
Fetch Violations - Securonix
|
Securonix
|
3 |
3 |
0 |
|
Field Polling - Generic
|
Common Playbooks
|
3 |
4 |
0 |
|
Fighting Ursa Luring Targets With Car For Sale
|
Unit42 Threat Brief - Fighting Ursa
|
21 |
2 |
0 |
|
File Enrichment - File reputation
|
Common Playbooks
|
9 |
3 |
10 |
|
File Enrichment - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
10 |
3 |
14 |
|
File Enrichment - Generic v2
|
Common Playbooks
|
12 |
4 |
95 |
|
File Enrichment - VMRay
|
VMRay Analyzer
|
10 |
3 |
25 |
|
File Enrichment - Virus Total Private API
Deprecated
|
VirusTotal - Private API (Deprecated)
|
13 |
3 |
14 |
|
File Private Scanning - Google Threat Intelligence
|
GoogleThreatIntelligence
|
11 |
1 |
0 |
|
File Reputation
|
Common Playbooks
|
24 |
3 |
6 |
|
Find Detection State and Expire Inactive Detections - Vectra RUX
|
Vectra RUX
|
12 |
1 |
0 |
|
FireEye HX - Execution Flow Indicators Hunting
|
FireEye HX
|
26 |
8 |
19 |
|
FireEye HX - File Indicators Hunting
|
FireEye HX
|
36 |
10 |
19 |
|
FireEye HX - Indicators Hunting
|
FireEye HX
|
8 |
17 |
19 |
|
FireEye HX - Isolate Endpoint
|
FireEye HX
|
7 |
2 |
0 |
|
FireEye HX - Traffic Indicators Hunting
|
FireEye HX
|
24 |
6 |
19 |
|
FireEye HX - Unisolate Endpoint
|
FireEye HX
|
7 |
2 |
0 |
|
FireEye Helix Archive Search
|
FireEye Helix
|
7 |
10 |
44 |
|
FireEye Red Team Tools Investigation and Response
|
Rapid Breach Response
|
27 |
3 |
0 |
|
FireMon Create Policy Planner Ticket
|
FireMon Security Manager
|
4 |
5 |
0 |
|
FireMon Pre Change Assessment
|
FireMon Security Manager
|
4 |
6 |
0 |
|
Forensics Tools Analysis
|
Windows Forensics
|
8 |
2 |
0 |
|
FortiSandbox - Loop For Job Verdict
Deprecated
|
FortiSandbox
|
2 |
1 |
0 |
|
FortiSandbox - Loop for Job Submissions
Deprecated
|
FortiSandbox
|
2 |
1 |
0 |
|
FortiSandbox - Upload Multiple Files
Deprecated
|
FortiSandbox
|
2 |
6 |
0 |
|
Function Deployment - AWS
|
AWS Enrichment and Remediation
|
28 |
13 |
135 |
|
Function Removal - AWS
|
AWS Enrichment and Remediation
|
10 |
7 |
0 |
|
GCP - User Investigation
|
GCP Enrichment and Remediation
|
24 |
3 |
8 |
|
GDPR Breach Notification
|
GDPR
|
22 |
0 |
0 |
|
GRACase
|
Gurucul Risk Analytics
|
3 |
0 |
0 |
|
GenericPolling
|
Common Playbooks
|
6 |
9 |
0 |
|
Get Cloud Account Owner - Generic
|
Common Playbooks
|
13 |
2 |
1 |
|
Get Code42 Employee Information
|
Code42
|
14 |
2 |
5 |
|
Get Email From Email Gateway - FireEye
|
FireEye Email Security (EX)
|
11 |
2 |
3 |
|
Get Email From Email Gateway - Generic
|
Common Playbooks
|
5 |
1 |
1 |
|
Get Email From Email Gateway - Mimecast
|
Mimecast
|
4 |
1 |
17 |
|
Get Email From Email Gateway - Proofpoint Protection Server
|
Proofpoint Protection Server
|
4 |
1 |
0 |
|
Get File Sample By Hash - Carbon Black Enterprise Response
|
Carbon Black Enterprise Response
|
5 |
1 |
1 |
|
Get File Sample By Hash - Cylance Protect
Deprecated Hidden
|
Cylance Protect
|
16 |
2 |
1 |
|
Get File Sample By Hash - Cylance Protect v2
|
Cylance Protect
|
5 |
2 |
6 |
|
Get File Sample By Hash - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
4 |
2 |
1 |
|
Get File Sample By Hash - Generic v2
Deprecated
|
Common Playbooks
|
4 |
2 |
1 |
|
Get File Sample By Hash - Generic v3
|
Common Playbooks
|
5 |
3 |
11 |
|
Get File Sample From Path - Carbon Black Enterprise Response
|
Carbon Black Enterprise Response
|
5 |
2 |
26 |
|
Get File Sample From Path - D2
|
D2 (Deprecated)
|
5 |
3 |
1 |
|
Get File Sample From Path - Generic
Deprecated
|
Common Playbooks
|
6 |
3 |
1 |
|
Get File Sample From Path - Generic V2
Deprecated
|
Common Playbooks
|
6 |
4 |
11 |
|
Get File Sample From Path - Generic V3
|
Common Playbooks
|
12 |
3 |
14 |
|
Get File Sample From Path - VMware Carbon Black EDR - Live Response API
|
Carbon Black Enterprise Live Response
|
11 |
2 |
11 |
|
Get Mails By Folder Pathes
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
5 |
3 |
0 |
|
Get Mails By Folder Paths
|
Microsoft Exchange Online
|
5 |
3 |
0 |
|
Get Original Email - EWS v2
|
Microsoft Exchange On-Premise
|
9 |
2 |
1 |
|
Get Original Email - Generic v2
|
Phishing
|
8 |
3 |
12 |
|
Get Original Email - Gmail v2
|
Gmail
|
8 |
2 |
10 |
|
Get Original Email - Microsoft Graph Mail
|
Microsoft Graph Mail
|
8 |
3 |
1 |
|
Get User Devices - Generic
|
Common Playbooks
|
5 |
4 |
155 |
|
Get User Devices by Email Address - Generic
|
Common Playbooks
|
47 |
3 |
110 |
|
Get User Devices by Username - Generic
|
Common Playbooks
|
58 |
3 |
150 |
|
Get endpoint details - Generic
Deprecated
|
Common Playbooks
|
17 |
3 |
8 |
|
Get host forensics - Generic
|
Common Playbooks
|
6 |
4 |
12 |
|
Get prevalence for IOCs
|
Common Playbooks
|
20 |
7 |
48 |
|
Get the binary file from Carbon Black by its MD5 hash
|
Carbon Black Enterprise Response
|
5 |
1 |
11 |
|
Google Dorking File Processing
|
Google Dorking
|
44 |
4 |
0 |
|
Google Vault - Display Results
|
Google Vault
|
13 |
7 |
16 |
|
Google Vault - Search Drive
|
Google Vault
|
10 |
18 |
17 |
|
Google Vault - Search Groups
|
Google Vault
|
10 |
14 |
16 |
|
Google Vault - Search Mail
|
Google Vault
|
10 |
17 |
16 |
|
HAFNIUM - Exchange 0-day exploits
|
Rapid Breach Response
|
62 |
1 |
0 |
|
HAFNIUM - Exchange 0-day exploits
|
Rapid Breach Response
|
62 |
3 |
0 |
|
HIPAA - Breach Notification
|
HIPAA - Breach Notification
|
54 |
9 |
0 |
|
HackerView Incident Management
|
CTM360
|
14 |
0 |
0 |
|
Handle Darktrace Model Breach
Deprecated
|
Darktrace
|
22 |
0 |
0 |
|
Handle Expanse Incident
Deprecated
|
Cortex Xpanse by Palo Alto Networks (Deprecated)
|
137 |
14 |
0 |
|
Handle Expanse Incident - Attribution Only
Deprecated
|
Cortex Xpanse by Palo Alto Networks (Deprecated)
|
89 |
8 |
0 |
|
Handle False Positive Alerts
|
Common Playbooks
|
20 |
7 |
0 |
|
Handle Hello World Alert
|
HelloWorld
|
2 |
1 |
0 |
|
Handle Shadow IT Incident
|
Shadow IT
|
44 |
4 |
0 |
|
HelloWorld Scan
Deprecated
|
HelloWorld
|
7 |
4 |
12 |
|
Host Lookup - Infoblox NIOS
|
Infoblox NIOS
|
9 |
1 |
0 |
|
Hostname And IP Address Investigation And Remediation - Chronicle
|
Google SecOps
|
44 |
6 |
2 |
|
Humio QueryJob Poll
|
Humio
|
5 |
7 |
5 |
|
Hunt Extracted Hashes
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
7 |
1 |
0 |
|
Hunt Extracted Hashes V2
|
Hunting
|
7 |
1 |
0 |
|
Hunt for bad IOCs
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
5 |
0 |
0 |
|
Hunting C&C Communication Playbook
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
50 |
0 |
0 |
|
Hurukai - Alert management
|
HarfangLab EDR
|
40 |
0 |
0 |
|
Hurukai - Get All Artifacts
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Artifact Evtx
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Artifact Filesystem
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Artifact Hives
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Artifact Logs
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Artifact MFT
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Artifact RAM Dump
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Driver List
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Network Connection List
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Network Share List
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Persistence List
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Pipe List
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Prefetch List
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Process List
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Runkey List
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Scheduled Task List
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Service List
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Session List
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get Startup List
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hurukai - Get WMI List
|
HarfangLab EDR
|
7 |
1 |
0 |
|
Hybrid-analysis quick-scan
Deprecated
|
Hybrid Analysis (Deprecated)
|
5 |
3 |
1 |
|
IOC Alert
|
Core
|
25 |
27 |
0 |
|
IOC Curated Enrichment - Google Threat Intelligence
|
GoogleThreatIntelligence
|
11 |
2 |
0 |
|
IOC Enrichment and Blocking - Google Threat Intelligence
|
GoogleThreatIntelligence
|
39 |
4 |
0 |
|
IOCs Curated Threat Intelligence Enrichment - Google Threat Intelligence
|
GoogleThreatIntelligence
|
14 |
0 |
0 |
|
IP Enrichment - External - Generic v2
|
Common Playbooks
|
16 |
7 |
27 |
|
IP Enrichment - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
16 |
3 |
8 |
|
IP Enrichment - Generic v2
|
Common Playbooks
|
11 |
7 |
183 |
|
IP Enrichment - Infoblox Cloud
|
Infoblox Threat Defense with DDI
|
10 |
1 |
0 |
|
IP Enrichment - Internal - Generic v2
|
Common Playbooks
|
11 |
5 |
163 |
|
IP Lookup - Infoblox NIOS
|
Infoblox NIOS
|
10 |
1 |
0 |
|
IP Whitelist And Exclusion - RiskIQ Digital Footprint
|
RiskIQ Digital Footprint
|
39 |
8 |
0 |
|
IQ-HUB Automation
|
Confluera
|
8 |
0 |
0 |
|
Identity Analytics - Alert Handling
|
Core
|
30 |
9 |
0 |
|
Illinois - Breach Notification
|
US - Breach Notification
|
47 |
7 |
8 |
|
Illuminate Integration Demonstration
Deprecated Hidden
|
Analyst1
|
12 |
0 |
0 |
|
Illusive - Data Enrichment
|
Illusive Networks
|
19 |
2 |
28 |
|
Illusive - Incident Escalation
|
Illusive Networks
|
42 |
7 |
8 |
|
Illusive-Collect-Forensics-On-Demand
|
Illusive Networks
|
8 |
3 |
8 |
|
Illusive-Retrieve-Incident
|
Illusive Networks
|
6 |
3 |
8 |
|
Impossible Traveler - Enrichment
|
Core
|
17 |
3 |
12 |
|
Impossible Traveler Response
|
Core
|
26 |
28 |
21 |
|
Incident Enrichment
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
5 |
0 |
0 |
|
Incident Enrichment - XM Cyber
|
XM Cyber
|
17 |
7 |
0 |
|
Incident Response - Infoblox Cloud
|
Infoblox Threat Defense with DDI
|
18 |
4 |
0 |
|
Indeni Demo
|
Indeni
|
16 |
0 |
0 |
|
Indicator Enrichment - Censys
|
Censys
|
16 |
3 |
0 |
|
Indicator Enrichment - Infoblox Cloud
|
Infoblox Threat Defense with DDI
|
14 |
4 |
0 |
|
Indicator Enrichment - Qintel
|
Qintel
|
13 |
3 |
0 |
|
Indicator Pivoting - DomainTools Iris
|
DomainTools Iris Investigate
|
17 |
13 |
86 |
|
Indicator Registration Polling - Generic
|
Common Playbooks
|
3 |
3 |
0 |
|
Integration Troubleshooting
|
Troubleshoot
|
35 |
4 |
0 |
|
Integrations and Incidents Health Check - Running Scripts
|
Integrations & Incidents Health Check
|
9 |
0 |
0 |
|
Intezer - Analyze File and URL
|
Intezer
|
8 |
4 |
10 |
|
Intezer - Analyze Uploaded file
|
Intezer
|
7 |
3 |
14 |
|
Intezer - Analyze by hash
|
Intezer
|
8 |
3 |
14 |
|
Investigate On Bad Domain Matches - Chronicle
|
Google SecOps
|
30 |
2 |
0 |
|
Ironscales-Classify-Incident
|
Ironscales
|
4 |
0 |
0 |
|
Isolate Endpoint - Cybereason
|
Cybereason
|
7 |
1 |
2 |
|
Isolate Endpoint - Generic
Deprecated
|
Common Playbooks
|
6 |
4 |
14 |
|
Isolate Endpoint - Generic V2
|
Common Playbooks
|
8 |
3 |
20 |
|
Isolate Endpoint - Generic V2
|
Common Playbooks
|
9 |
3 |
22 |
|
Issue Exception Approval
|
Core
|
10 |
0 |
0 |
|
Ivanti Critical Vulnerabilities
|
Ivanti Critical Vulnerabilities
|
31 |
6 |
0 |
|
JOB - Cortex XDR query endpoint device control violations
|
Cortex XDR by Palo Alto Networks
|
8 |
6 |
0 |
|
JOB - Integrations and Incidents Health Check
|
Integrations & Incidents Health Check
|
27 |
5 |
0 |
|
JOB - Integrations and Incidents Health Check - Lists handling
|
Integrations & Incidents Health Check
|
44 |
0 |
0 |
|
JOB - Popular News
|
Popular Cybersecurity News
|
12 |
3 |
0 |
|
JOB - XSOAR - Export Selected Custom Content
|
XSOAR - Simple Dev to Prod
|
14 |
0 |
0 |
|
JOB - XSOAR - Simple Dev to Prod
|
XSOAR - Simple Dev to Prod
|
26 |
1 |
0 |
|
Jira Change Management
|
Change Management
|
23 |
26 |
0 |
|
Jira Ticket State Polling
|
Atlassian Jira
|
6 |
5 |
0 |
|
Kaseya VSA 0-day - REvil Ransomware Supply Chain Attack
|
Rapid Breach Response
|
65 |
11 |
0 |
|
Kaseya VSA 0-day - REvil Ransomware Supply Chain Attack
|
Rapid Breach Response
|
65 |
12 |
0 |
|
Kenna - Search and Handle Asset Vulnerabilities
|
Kenna
|
15 |
2 |
7 |
|
LSASS Credential Dumpin
|
LSASS Credential Dumping
|
25 |
0 |
0 |
|
Large Upload Alert
|
Core
|
53 |
9 |
0 |
|
Launch And Fetch Compliance Policy Report - Qualys
|
Qualys
|
4 |
12 |
0 |
|
Launch And Fetch Compliance Report - Qualys
|
Qualys
|
4 |
10 |
0 |
|
Launch And Fetch Host Based Findings Report - Qualys
|
Qualys
|
4 |
10 |
0 |
|
Launch And Fetch Map Report - Qualys
|
Qualys
|
4 |
10 |
0 |
|
Launch And Fetch PC Scan - Qualys
|
Qualys
|
4 |
19 |
0 |
|
Launch And Fetch Patch Report - Qualys
|
Qualys
|
4 |
9 |
0 |
|
Launch And Fetch Remediation Report - Qualys
|
Qualys
|
4 |
10 |
0 |
|
Launch And Fetch Scan Based Findings Report - Qualys
|
Qualys
|
7 |
9 |
6 |
|
Launch And Fetch Scheduled Report - Qualys
|
Qualys
|
5 |
1 |
0 |
|
Launch And Fetch VM Scan - Qualys
|
Qualys
|
4 |
35 |
1 |
|
Launch Scan - Tenable.sc
Deprecated
|
Tenable.sc
|
7 |
3 |
19 |
|
List Cisco Stealthwatch Security Events
|
Cisco Secure Network Analytics (Stealthwatch)
|
7 |
5 |
1 |
|
List Device Events - Chronicle
|
Google SecOps
|
12 |
4 |
1 |
|
Local Analysis alert Investigation
|
Core
|
45 |
30 |
0 |
|
LogRhythmRestV2 - Search query
|
LogRhythm
|
4 |
16 |
20 |
|
Logrhythm - Search query
|
LogRhythm
|
4 |
14 |
19 |
|
Logrhythm Alarm Handling
|
LogRhythm
|
5 |
0 |
0 |
|
Lost / Stolen Device Playbook
|
Lost / Stolen Device
|
55 |
0 |
0 |
|
MAC Enrichment - Infoblox Cloud
|
Infoblox Threat Defense with DDI
|
7 |
1 |
0 |
|
MAC Lease Lookup - Infoblox NIOS
|
Infoblox NIOS
|
10 |
1 |
0 |
|
MAR - Endpoint data collection
|
McAfee Active Response
|
27 |
1 |
0 |
|
MDE - False Positive Incident Handling
|
Microsoft Defender for Endpoint
|
19 |
9 |
0 |
|
MDE - Host Advanced Hunting
|
Microsoft Defender for Endpoint
|
32 |
8 |
23 |
|
MDE - Host Advanced Hunting For Network Activity
|
Microsoft Defender for Endpoint
|
38 |
3 |
21 |
|
MDE - Host Advanced Hunting For Persistence
|
Microsoft Defender for Endpoint
|
33 |
4 |
12 |
|
MDE - Host Advanced Hunting For Powershell Executions
|
Microsoft Defender for Endpoint
|
16 |
6 |
37 |
|
MDE - Pro-Active Actions
|
Microsoft Defender for Endpoint
|
23 |
5 |
0 |
|
MDE - Retrieve File
|
Microsoft Defender for Endpoint
|
6 |
2 |
2 |
|
MDE - Search And Block Software
|
Microsoft Defender for Endpoint
|
19 |
4 |
0 |
|
MDE - Search and Compare Process Executions
|
Microsoft Defender for Endpoint
|
10 |
3 |
2 |
|
MDE - True Positive Incident Handling
|
Microsoft Defender for Endpoint
|
42 |
17 |
0 |
|
MDE Malware - Incident Enrichment
|
Microsoft Defender for Endpoint
|
29 |
2 |
4 |
|
MDE Malware - Investigation and Response
|
Microsoft Defender for Endpoint
|
42 |
23 |
0 |
|
MDE SIEM ingestion - Get Incident Data
|
Microsoft Defender for Endpoint
|
6 |
4 |
18 |
|
MDR Escalation Process - Vectra XDR
|
Vectra XDR
|
17 |
4 |
0 |
|
MITRE ATT&CK - Courses of Action
|
MITRE ATT&CK - Courses of Action
|
26 |
5 |
1 |
|
MITRE ATT&CK CoA - T1003 - OS Credential Dumping
|
MITRE ATT&CK - Courses of Action
|
8 |
0 |
1 |
|
MITRE ATT&CK CoA - T1005 - Data from Local System
|
MITRE ATT&CK - Courses of Action
|
7 |
0 |
1 |
|
MITRE ATT&CK CoA - T1021.001 - Remote Desktop Protocol
|
MITRE ATT&CK - Courses of Action
|
9 |
0 |
1 |
|
MITRE ATT&CK CoA - T1027 - Obfuscated Files or Information
|
MITRE ATT&CK - Courses of Action
|
10 |
4 |
1 |
|
MITRE ATT&CK CoA - T1041 - Exfiltration Over C2 Channel
|
MITRE ATT&CK - Courses of Action
|
9 |
3 |
1 |
|
MITRE ATT&CK CoA - T1048 - Exfiltration Over Alternative Protocol
|
MITRE ATT&CK - Courses of Action
|
8 |
3 |
1 |
|
MITRE ATT&CK CoA - T1057 - Process Discovery
|
MITRE ATT&CK - Courses of Action
|
8 |
0 |
1 |
|
MITRE ATT&CK CoA - T1059 - Command and Scripting Interpreter
|
MITRE ATT&CK - Courses of Action
|
7 |
0 |
1 |
|
MITRE ATT&CK CoA - T1059.001 - PowerShell
|
MITRE ATT&CK - Courses of Action
|
7 |
0 |
1 |
|
MITRE ATT&CK CoA - T1068 - Exploitation for Privilege Escalation
|
MITRE ATT&CK - Courses of Action
|
7 |
0 |
1 |
|
MITRE ATT&CK CoA - T1071 - Application Layer Protocol
|
MITRE ATT&CK - Courses of Action
|
12 |
3 |
1 |
|
MITRE ATT&CK CoA - T1078 - Valid Accounts
|
MITRE ATT&CK - Courses of Action
|
11 |
3 |
1 |
|
MITRE ATT&CK CoA - T1082 - System Information Discovery
|
MITRE ATT&CK - Courses of Action
|
8 |
0 |
1 |
|
MITRE ATT&CK CoA - T1083 - File and Directory Discovery
|
MITRE ATT&CK - Courses of Action
|
8 |
0 |
1 |
|
MITRE ATT&CK CoA - T1105 - Ingress tool transfer
|
MITRE ATT&CK - Courses of Action
|
12 |
4 |
1 |
|
MITRE ATT&CK CoA - T1110 - Brute Force
|
MITRE ATT&CK - Courses of Action
|
7 |
3 |
1 |
|
MITRE ATT&CK CoA - T1133 - External Remote Services
|
MITRE ATT&CK - Courses of Action
|
11 |
3 |
1 |
|
MITRE ATT&CK CoA - T1135 - Network Share Discovery
|
MITRE ATT&CK - Courses of Action
|
8 |
0 |
1 |
|
MITRE ATT&CK CoA - T1189 - Drive-by Compromise
|
MITRE ATT&CK - Courses of Action
|
14 |
4 |
1 |
|
MITRE ATT&CK CoA - T1199 - Trusted Relationship
|
MITRE ATT&CK - Courses of Action
|
5 |
0 |
1 |
|
MITRE ATT&CK CoA - T1204 - User Execution
|
MITRE ATT&CK - Courses of Action
|
24 |
6 |
0 |
|
MITRE ATT&CK CoA - T1486 - Data Encrypted for Impact
|
MITRE ATT&CK - Courses of Action
|
9 |
0 |
1 |
|
MITRE ATT&CK CoA - T1518 - Software Discovery
|
MITRE ATT&CK - Courses of Action
|
8 |
0 |
1 |
|
MITRE ATT&CK CoA - T1543.003 - Windows Service
|
MITRE ATT&CK - Courses of Action
|
7 |
0 |
1 |
|
MITRE ATT&CK CoA - T1547 - Boot or Logon Autostart Execution
|
MITRE ATT&CK - Courses of Action
|
12 |
0 |
1 |
|
MITRE ATT&CK CoA - T1547.001 - Registry Run Keys Startup Folder
|
MITRE ATT&CK - Courses of Action
|
7 |
0 |
1 |
|
MITRE ATT&CK CoA - T1560.001 - Archive via Utility
|
MITRE ATT&CK - Courses of Action
|
7 |
0 |
1 |
|
MITRE ATT&CK CoA - T1562.001 - Disable or Modify Tools
|
MITRE ATT&CK - Courses of Action
|
7 |
0 |
1 |
|
MITRE ATT&CK CoA - T1564.004 - NTFS File Attributes
|
MITRE ATT&CK - Courses of Action
|
12 |
4 |
1 |
|
MITRE ATT&CK CoA - T1566 - Phishing
|
MITRE ATT&CK - Courses of Action
|
20 |
4 |
1 |
|
MITRE ATT&CK CoA - T1566.001 - Spear-Phishing Attachment
|
MITRE ATT&CK - Courses of Action
|
14 |
4 |
1 |
|
MITRE ATT&CK CoA - T1569.002 - Service Execution
|
MITRE ATT&CK - Courses of Action
|
7 |
0 |
1 |
|
MITRE ATT&CK CoA - T1573.002 - Asymmetric Cryptography
|
MITRE ATT&CK - Courses of Action
|
12 |
4 |
1 |
|
Malcore alert related file
|
Gatewatcher AionIQ
|
3 |
0 |
0 |
|
Malware Investigation & Response Incident Handler
|
Malware Investigation and Response
|
18 |
19 |
0 |
|
Malware Investigation - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
10 |
1 |
0 |
|
Malware Investigation - Generic - Setup
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
17 |
6 |
3 |
|
Malware Investigation - Manual
Deprecated
|
Malware Core
|
91 |
0 |
0 |
|
Malware Investigation and Response - Set Alerts Grid
|
Malware Investigation and Response
|
10 |
7 |
0 |
|
Malware Playbook - Manual
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
89 |
0 |
0 |
|
Malware SIEM Ingestion - Get Incident Data
|
Malware Investigation and Response
|
5 |
4 |
18 |
|
McAfee ePO Endpoint Compliance Playbook
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
13 |
0 |
0 |
|
McAfee ePO Endpoint Compliance Playbook v2
|
McAfee ePO
|
12 |
0 |
0 |
|
McAfee ePO Endpoint Connectivity Diagnostics Playbook
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
12 |
0 |
0 |
|
McAfee ePO Endpoint Connectivity Diagnostics Playbook v2
|
McAfee ePO
|
12 |
0 |
0 |
|
McAfee ePO Repository Compliance Playbook
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
12 |
0 |
0 |
|
McAfee ePO Repository Compliance Playbook v2
|
McAfee ePO
|
12 |
0 |
0 |
|
Message Quarantine - Cofense Vision
|
Cofense Vision
|
11 |
18 |
45 |
|
Microsoft 365 Defender - Emails Indicators Hunt
|
Microsoft 365 Defender
|
15 |
7 |
23 |
|
Microsoft 365 Defender - Get Email URL Clicks
|
Microsoft 365 Defender
|
10 |
6 |
32 |
|
Microsoft 365 Defender - Threat Hunting Generic
|
Microsoft 365 Defender
|
4 |
8 |
35 |
|
Microsoft Defender For Endpoint - Isolate Endpoint
|
Microsoft Defender for Endpoint
|
23 |
4 |
6 |
|
Microsoft Defender For Endpoint - Unisolate Endpoint
|
Microsoft Defender for Endpoint
|
23 |
3 |
6 |
|
Microsoft Defender for Endpoint - Malware Detected
|
Microsoft Defender for Endpoint
|
12 |
0 |
0 |
|
Mimecast - Block Sender Domain
|
Mimecast
|
6 |
3 |
0 |
|
Mimecast - Block Sender Email
|
Mimecast
|
6 |
3 |
0 |
|
Mirror Jira Ticket
|
Atlassian Jira
|
5 |
7 |
0 |
|
Mirror ServiceNow Ticket
|
ServiceNow
|
5 |
7 |
0 |
|
MockPlaybook
|
Content Testing
|
3 |
0 |
0 |
|
MockSubplaybook
|
Content Testing
|
3 |
2 |
0 |
|
NCSC CAF Assessment
|
NCSC Cyber Asssessment Framework
|
41 |
5 |
0 |
|
NGFW Internal Scan
|
Core
|
16 |
23 |
0 |
|
NGFW Scan
|
Core
|
31 |
28 |
0 |
|
NIST - Handling an Incident Template
|
NIST
|
24 |
0 |
0 |
|
NIST - Lessons Learned
|
NIST
|
6 |
2 |
10 |
|
NMAP - Banner Check
|
Nmap
|
11 |
4 |
3 |
|
NMAP - Single Port Scan
|
Nmap
|
10 |
3 |
3 |
|
NOBELIUM - wide scale APT29 spear-phishing
|
Rapid Breach Response
|
34 |
4 |
0 |
|
NSA - 5 Security Vulnerabilities Under Active Nation-State Attack
Deprecated
|
Cortex Xpanse by Palo Alto Networks (Deprecated)
|
22 |
1 |
0 |
|
NetOps - Firewall Version and Content Upgrade
|
PAN-OS by Palo Alto Networks
|
15 |
1 |
0 |
|
NetOps - Upgrade PAN-OS Firewall Device
|
PAN-OS by Palo Alto Networks
|
4 |
1 |
0 |
|
NetOps Panorama coverage by CVE
|
PAN-OS by Palo Alto Networks
|
3 |
0 |
0 |
|
NetSec - Palo Alto Networks DUG - Tag User
|
PAN-OS by Palo Alto Networks
|
7 |
3 |
0 |
|
New Hire Auto-Add
|
Code42
|
12 |
0 |
0 |
|
New Hire Clean-Up
|
Code42
|
11 |
0 |
0 |
|
New York - Breach Notification
|
US - Breach Notification
|
38 |
7 |
8 |
|
Nexpose - Create and Download Report
|
Rapid7 InsightVM
|
10 |
7 |
9 |
|
O365 - Security And Compliance - Search
Deprecated
|
Microsoft Exchange Online
|
15 |
14 |
63 |
|
O365 - Security And Compliance - Search Action - Delete
Deprecated
|
Microsoft Exchange Online
|
8 |
4 |
32 |
|
O365 - Security And Compliance - Search Action - Preview
Deprecated
|
Microsoft Exchange Online
|
6 |
3 |
32 |
|
O365 - Security And Compliance - Search And Delete
Deprecated
|
Microsoft Exchange Online
|
19 |
12 |
0 |
|
Office 365 Search and Delete
Deprecated
|
Microsoft Exchange Online
|
10 |
1 |
0 |
|
Office 365 and Azure Configuration Analysis
|
Office 365 and Azure (Audit Log)
|
16 |
2 |
0 |
|
Office 365 and Azure Hunting
|
Office 365 and Azure (Audit Log)
|
19 |
0 |
0 |
|
Okta - User Investigation
|
Okta
|
40 |
3 |
10 |
|
PAN-OS - Add Domains EDL To Anti-Spyware
|
PAN-OS by Palo Alto Networks
|
11 |
7 |
0 |
|
PAN-OS - Add Static Routes
|
PAN-OS by Palo Alto Networks
|
12 |
7 |
0 |
|
PAN-OS - Apply Security Profile to Policy Rule
|
MITRE ATT&CK - Courses of Action
|
17 |
5 |
0 |
|
PAN-OS - Block Destination Service
|
PAN-OS by Palo Alto Networks
|
22 |
13 |
0 |
|
PAN-OS - Block Domain - External Dynamic List
Deprecated Hidden
|
Palo Alto Networks PAN-OS EDL Management (Deprecated)
|
10 |
7 |
0 |
|
PAN-OS - Block IP
|
PAN-OS by Palo Alto Networks
|
9 |
1 |
0 |
|
PAN-OS - Block IP - Custom Block Rule
|
PAN-OS by Palo Alto Networks
|
12 |
3 |
0 |
|
PAN-OS - Block IP - Static Address Group
|
PAN-OS by Palo Alto Networks
|
14 |
4 |
0 |
|
PAN-OS - Block IP - Static Address Group
|
PAN-OS by Palo Alto Networks
|
14 |
4 |
0 |
|
PAN-OS - Block IP and URL - External Dynamic List
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
17 |
13 |
0 |
|
PAN-OS - Block IP and URL - External Dynamic List v2
Deprecated Hidden
|
Palo Alto Networks PAN-OS EDL Management (Deprecated)
|
20 |
13 |
0 |
|
PAN-OS - Block IPs From EDL - Custom Block Rule
|
PAN-OS by Palo Alto Networks
|
11 |
4 |
0 |
|
PAN-OS - Block URL - Custom URL Category
|
PAN-OS by Palo Alto Networks
|
19 |
8 |
0 |
|
PAN-OS - Block URL - Custom URL Category
|
PAN-OS by Palo Alto Networks
|
19 |
8 |
0 |
|
PAN-OS - Block all unknown and unauthorized applications
|
MITRE ATT&CK - Courses of Action
|
8 |
3 |
0 |
|
PAN-OS - Create Or Edit EDL Rule
|
PAN-OS by Palo Alto Networks
|
15 |
9 |
0 |
|
PAN-OS - Create Or Edit Rule
|
PAN-OS by Palo Alto Networks
|
11 |
9 |
0 |
|
PAN-OS - Delete Static Routes
|
PAN-OS by Palo Alto Networks
|
8 |
3 |
0 |
|
PAN-OS - Enforce Anti-Spyware Best Practices Profile
|
MITRE ATT&CK - Courses of Action
|
34 |
3 |
0 |
|
PAN-OS - Enforce Anti-Virus Best Practices Profile
|
MITRE ATT&CK - Courses of Action
|
34 |
3 |
0 |
|
PAN-OS - Enforce File Blocking Best Practices Profile
|
MITRE ATT&CK - Courses of Action
|
30 |
3 |
0 |
|
PAN-OS - Enforce URL Filtering Best Practices Profile
|
MITRE ATT&CK - Courses of Action
|
34 |
3 |
0 |
|
PAN-OS - Enforce Vulnerability Protection Best Practices Profile
|
MITRE ATT&CK - Courses of Action
|
34 |
3 |
0 |
|
PAN-OS - Enforce WildFire Best Practices Profile
|
MITRE ATT&CK - Courses of Action
|
36 |
4 |
0 |
|
PAN-OS Commit Configuration
Deprecated
|
PAN-OS by Palo Alto Networks
|
19 |
1 |
2 |
|
PAN-OS DAG Configuration
|
PAN-OS by Palo Alto Networks
|
11 |
12 |
0 |
|
PAN-OS DAG Configuration
|
PAN-OS by Palo Alto Networks
|
11 |
12 |
0 |
|
PAN-OS EDL Setup
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
16 |
12 |
0 |
|
PAN-OS EDL Setup v2
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
20 |
13 |
1 |
|
PAN-OS EDL Setup v3
Deprecated Hidden
|
Palo Alto Networks PAN-OS EDL Management (Deprecated)
|
20 |
13 |
3 |
|
PAN-OS Log Forwarding Setup And Configuration
|
PAN-OS by Palo Alto Networks
|
11 |
5 |
0 |
|
PAN-OS Query Logs For Indicators
|
PAN-OS by Palo Alto Networks
|
18 |
3 |
40 |
|
PAN-OS create or edit policy
|
Change Management
|
19 |
17 |
0 |
|
PAN-OS edit policy
|
Change Management
|
11 |
2 |
0 |
|
PANW - Hunting and threat detection by indicator type
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
81 |
5 |
4 |
|
PANW IoT Incident Handling with ServiceNow
|
IoT by Palo Alto Networks
|
12 |
2 |
2 |
|
PANW IoT ServiceNow Tickets Check
|
IoT by Palo Alto Networks
|
5 |
0 |
0 |
|
PCAP Analysis
|
PCAP Analysis
|
11 |
21 |
11 |
|
PCAP File Carving
|
PCAP Analysis
|
13 |
10 |
14 |
|
PCAP Parsing And Indicator Enrichment
|
PCAP Analysis
|
50 |
10 |
9 |
|
PCAP Search
|
PCAP Analysis
|
29 |
10 |
6 |
|
PII Check - Breach Notification
|
US - Breach Notification
|
18 |
0 |
0 |
|
PS Remote Get File Sample From Path
|
Windows Forensics
|
10 |
4 |
2 |
|
PS-Remote Acquire Host Forensics
|
Windows Forensics
|
11 |
4 |
3 |
|
PS-Remote Get MFT
|
Windows Forensics
|
12 |
5 |
1 |
|
PS-Remote Get Network Traffic
|
Windows Forensics
|
12 |
7 |
1 |
|
PS-Remote Get Registry
|
Windows Forensics
|
12 |
5 |
1 |
|
Palo Alto Networks - Automatic SLR (Community)
|
Automatic SLR by Palo Alto Networks
|
7 |
0 |
0 |
|
Palo Alto Networks BPA - Submit Scan
|
MITRE ATT&CK - Courses of Action
|
10 |
2 |
7 |
|
Panorama Query Logs
|
PAN-OS by Palo Alto Networks
|
4 |
13 |
41 |
|
PanoramaCommitConfiguration
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
12 |
1 |
0 |
|
PanoramaQueryTrafficLogs
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
8 |
9 |
0 |
|
Pentera Filter And Create Incident
|
Pentera
|
22 |
7 |
0 |
|
Pentera Run Scan
|
Pentera
|
9 |
1 |
1 |
|
Pentera Run Scan and Create Incidents
|
Pentera
|
4 |
1 |
0 |
|
PhishLabs - Populate Indicators
|
PhishLabs
|
5 |
5 |
0 |
|
PhishLabs - Whitelist false positives
|
PhishLabs
|
5 |
1 |
0 |
|
Phishing - Create New Incident
|
Phishing
|
3 |
3 |
1 |
|
Phishing - Get Original Email Loop
|
Phishing
|
8 |
3 |
4 |
|
Phishing - Handle Microsoft 365 Defender Results
|
Phishing
|
29 |
3 |
2 |
|
Phishing - Indicators Hunting
|
Phishing
|
5 |
3 |
0 |
|
Phishing - Search Related Incidents (Defender 365)
|
Phishing
|
8 |
1 |
4 |
|
Phishing Alerts - Check Severity
|
PhishingAlerts
|
12 |
8 |
0 |
|
Phishing Alerts Investigation
|
PhishingAlerts
|
30 |
16 |
0 |
|
Phishing Investigation - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
32 |
4 |
0 |
|
Phishing Playbook - Automated
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
31 |
1 |
0 |
|
Phishing Playbook - Manual
|
Phishing
|
36 |
0 |
0 |
|
Phishing Triage and Response - Google Threat Intelligence
|
GoogleThreatIntelligence
|
18 |
1 |
0 |
|
PhishingDemo-Onboarding
|
OnboardingIntegration
|
11 |
0 |
0 |
|
Policy Optimizer - Add Applications to Policy Rules
|
PAN-OS Policy Optimizer (beta)
|
9 |
1 |
1 |
|
Policy Optimizer - Generic
|
PAN-OS Policy Optimizer (beta)
|
11 |
3 |
0 |
|
Policy Optimizer - Manage Port Based Rules
|
PAN-OS Policy Optimizer (beta)
|
24 |
3 |
0 |
|
Policy Optimizer - Manage Rules with Unused Applications
|
PAN-OS Policy Optimizer (beta)
|
24 |
3 |
0 |
|
Policy Optimizer - Manage Unused Rules
|
PAN-OS Policy Optimizer (beta)
|
25 |
3 |
0 |
|
Possible External RDP Brute-Force
|
Core
|
51 |
12 |
0 |
|
Possible External RDP Brute-Force - Set Verdict
|
Core
|
16 |
7 |
1 |
|
Post Intrusion Ransomware Investigation
|
Ransomware
|
41 |
5 |
0 |
|
Prepare your CTF
|
Capture The Flag - 01
|
26 |
0 |
0 |
|
Prisma Access - Logout User
|
Palo Alto Networks - Strata Cloud Manager
|
4 |
3 |
0 |
|
Prisma Access - Connection Health Check
|
Palo Alto Networks - Strata Cloud Manager
|
9 |
0 |
0 |
|
Prisma Cloud - Find AWS Resource by FQDN
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
33 |
2 |
1 |
|
Prisma Cloud - Find AWS Resource by FQDN v2
|
Prisma Cloud by Palo Alto Networks
|
33 |
2 |
1 |
|
Prisma Cloud - Find AWS Resource by Public IP
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
11 |
1 |
1 |
|
Prisma Cloud - Find AWS Resource by Public IP v2
|
Prisma Cloud by Palo Alto Networks
|
11 |
1 |
2 |
|
Prisma Cloud - Find Azure Resource by FQDN
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
31 |
2 |
1 |
|
Prisma Cloud - Find Azure Resource by FQDN v2
|
Prisma Cloud by Palo Alto Networks
|
31 |
2 |
1 |
|
Prisma Cloud - Find Azure Resource by Public IP
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
11 |
1 |
1 |
|
Prisma Cloud - Find Azure Resource by Public IP v2
|
Prisma Cloud by Palo Alto Networks
|
11 |
1 |
2 |
|
Prisma Cloud - Find GCP Resource by FQDN
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
19 |
2 |
1 |
|
Prisma Cloud - Find GCP Resource by FQDN v2
|
Prisma Cloud by Palo Alto Networks
|
19 |
2 |
1 |
|
Prisma Cloud - Find GCP Resource by Public IP
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
11 |
1 |
1 |
|
Prisma Cloud - Find GCP Resource by Public IP v2
|
Prisma Cloud by Palo Alto Networks
|
11 |
1 |
2 |
|
Prisma Cloud - Find Public Cloud Resource by FQDN
|
Prisma Cloud by Palo Alto Networks
|
16 |
2 |
1 |
|
Prisma Cloud - Find Public Cloud Resource by Public IP
|
Prisma Cloud by Palo Alto Networks
|
13 |
2 |
1 |
|
Prisma Cloud - Find Public Cloud Resource by Public IP v2
|
Prisma Cloud by Palo Alto Networks
|
13 |
2 |
2 |
|
Prisma Cloud - Network API and Anomaly Incidents
|
Prisma Cloud by Palo Alto Networks
|
39 |
20 |
0 |
|
Prisma Cloud - VM Alert Prioritization
|
Prisma Cloud by Palo Alto Networks
|
35 |
5 |
0 |
|
Prisma Cloud Compute - Cloud Discovery Alert
|
Prisma Cloud Compute by Palo Alto Networks
|
2 |
0 |
0 |
|
Prisma Cloud Correlate Alerts
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
12 |
2 |
2 |
|
Prisma Cloud Correlate Alerts v2
|
Prisma Cloud by Palo Alto Networks
|
12 |
2 |
2 |
|
Prisma Cloud Remediation - AWS CloudTrail Is Not Integrated With CloudWatch Logs
|
Prisma Cloud by Palo Alto Networks
|
18 |
0 |
0 |
|
Prisma Cloud Remediation - AWS CloudTrail Misconfiguration
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
14 |
2 |
0 |
|
Prisma Cloud Remediation - AWS CloudTrail Misconfiguration v2
|
Prisma Cloud by Palo Alto Networks
|
14 |
2 |
0 |
|
Prisma Cloud Remediation - AWS CloudTrail Trail Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
9 |
1 |
0 |
|
Prisma Cloud Remediation - AWS CloudTrail is not Enabled on the Account
|
Prisma Cloud by Palo Alto Networks
|
10 |
2 |
0 |
|
Prisma Cloud Remediation - AWS EC2 Instance Misconfiguration
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
13 |
2 |
0 |
|
Prisma Cloud Remediation - AWS EC2 Instance Misconfiguration v2
|
Prisma Cloud by Palo Alto Networks
|
13 |
2 |
0 |
|
Prisma Cloud Remediation - AWS EC2 Security Group Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
13 |
1 |
0 |
|
Prisma Cloud Remediation - AWS IAM Password Policy Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
13 |
1 |
0 |
|
Prisma Cloud Remediation - AWS IAM Policy Misconfiguration
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
13 |
2 |
0 |
|
Prisma Cloud Remediation - AWS IAM Policy Misconfiguration v2
|
Prisma Cloud by Palo Alto Networks
|
13 |
2 |
0 |
|
Prisma Cloud Remediation - AWS IAM User Policy Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
8 |
1 |
0 |
|
Prisma Cloud Remediation - AWS Inactive Users For More Than 30 Days
|
Prisma Cloud by Palo Alto Networks
|
12 |
1 |
0 |
|
Prisma Cloud Remediation - AWS Security Groups Allows Internet Traffic To TCP Port
|
Prisma Cloud by Palo Alto Networks
|
12 |
1 |
0 |
|
Prisma Cloud Remediation - Azure AKS Cluster Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
9 |
1 |
1 |
|
Prisma Cloud Remediation - Azure AKS Misconfiguration
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
12 |
2 |
1 |
|
Prisma Cloud Remediation - Azure AKS Misconfiguration v2
|
Prisma Cloud by Palo Alto Networks
|
12 |
2 |
1 |
|
Prisma Cloud Remediation - Azure Network Misconfiguration
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
12 |
3 |
1 |
|
Prisma Cloud Remediation - Azure Network Misconfiguration v2
|
Prisma Cloud by Palo Alto Networks
|
12 |
3 |
1 |
|
Prisma Cloud Remediation - Azure Network Security Group Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
16 |
2 |
1 |
|
Prisma Cloud Remediation - Azure SQL Database Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
9 |
1 |
0 |
|
Prisma Cloud Remediation - Azure SQL Misconfiguration
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
12 |
2 |
0 |
|
Prisma Cloud Remediation - Azure SQL Misconfiguration v2
|
Prisma Cloud by Palo Alto Networks
|
12 |
2 |
0 |
|
Prisma Cloud Remediation - Azure Storage Blob Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
9 |
1 |
0 |
|
Prisma Cloud Remediation - Azure Storage Misconfiguration
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
12 |
2 |
0 |
|
Prisma Cloud Remediation - Azure Storage Misconfiguration v2
|
Prisma Cloud by Palo Alto Networks
|
12 |
2 |
0 |
|
Prisma Cloud Remediation - GCP Compute Engine Instance Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
11 |
1 |
0 |
|
Prisma Cloud Remediation - GCP Compute Engine Misconfiguration
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
12 |
2 |
0 |
|
Prisma Cloud Remediation - GCP Compute Engine Misconfiguration v2
|
Prisma Cloud by Palo Alto Networks
|
12 |
2 |
0 |
|
Prisma Cloud Remediation - GCP Kubernetes Engine Cluster Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
26 |
1 |
0 |
|
Prisma Cloud Remediation - GCP Kubernetes Engine Misconfiguration
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
12 |
2 |
0 |
|
Prisma Cloud Remediation - GCP Kubernetes Engine Misconfiguration v2
|
Prisma Cloud by Palo Alto Networks
|
12 |
2 |
0 |
|
Prisma Cloud Remediation - GCP VPC Network Firewall Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
14 |
1 |
0 |
|
Prisma Cloud Remediation - GCP VPC Network Misconfiguration
Deprecated Hidden
|
Prisma Cloud by Palo Alto Networks
|
13 |
2 |
0 |
|
Prisma Cloud Remediation - GCP VPC Network Misconfiguration v2
|
Prisma Cloud by Palo Alto Networks
|
13 |
2 |
0 |
|
Prisma Cloud Remediation - GCP VPC Network Project Misconfiguration
|
Prisma Cloud by Palo Alto Networks
|
10 |
1 |
0 |
|
Prisma SASE - Add IPs to Static Address Group
|
Palo Alto Networks - Strata Cloud Manager
|
11 |
5 |
19 |
|
Prisma SASE - Block IP
|
Palo Alto Networks - Strata Cloud Manager
|
13 |
5 |
36 |
|
Prisma SASE - Block URL
|
Palo Alto Networks - Strata Cloud Manager
|
14 |
5 |
29 |
|
Prisma SASE - Create Address Object
|
Palo Alto Networks - Strata Cloud Manager
|
9 |
6 |
8 |
|
Prisma SASE - Create a security pre-rule for EDL
|
Palo Alto Networks - Strata Cloud Manager
|
10 |
9 |
32 |
|
Prisma SASE - Create or Edit EDL object
|
Palo Alto Networks - Strata Cloud Manager
|
11 |
11 |
12 |
|
Prisma SASE - Create or Edit Security Policy Rule
|
Palo Alto Networks - Strata Cloud Manager
|
12 |
12 |
25 |
|
Prisma SASE - Quarantine a SentinelOne Host With Active Threat
|
Palo Alto Networks - Strata Cloud Manager
|
10 |
0 |
0 |
|
Proactive Threat Hunting
|
Proactive Threat Hunting
|
11 |
3 |
0 |
|
Proactive Threat Hunting - Block Account
|
Proactive Threat Hunting
|
8 |
0 |
0 |
|
Proactive Threat Hunting - Block Indicators
|
Proactive Threat Hunting
|
15 |
0 |
0 |
|
Proactive Threat Hunting - Endpoint Isolation
|
Proactive Threat Hunting
|
8 |
0 |
0 |
|
Proactive Threat Hunting - Entity Enrichment
|
Proactive Threat Hunting
|
30 |
0 |
0 |
|
Proactive Threat Hunting - Execute Query
|
Proactive Threat Hunting
|
16 |
0 |
0 |
|
Proactive Threat Hunting - Quarantine File
|
Proactive Threat Hunting
|
6 |
0 |
0 |
|
Proactive Threat Hunting - SDO Threat Hunting
|
Proactive Threat Hunting
|
26 |
4 |
0 |
|
Process Email
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
4 |
0 |
0 |
|
Process Email - Add custom fields
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
16 |
1 |
0 |
|
Process Email - EWS
|
Microsoft Exchange On-Premise
|
6 |
0 |
11 |
|
Process Incident - Vectra Detect
|
Vectra AI
|
12 |
2 |
0 |
|
Process Incident - Vectra XDR
|
Vectra XDR
|
8 |
0 |
0 |
|
Process QWatch Alert - Qintel
|
Qintel
|
6 |
1 |
0 |
|
Proofpoint TAP - Event Enrichment
|
Proofpoint TAP
|
21 |
0 |
147 |
|
Pull Request Creation - AzureDevOps
|
XSOAR CI/CD
|
29 |
5 |
0 |
|
Pull Request Creation - Bitbucket
|
XSOAR CI/CD
|
32 |
4 |
0 |
|
Pull Request Creation - Generic
|
XSOAR CI/CD
|
22 |
5 |
0 |
|
Pull Request Creation - GitLab
|
XSOAR CI/CD
|
28 |
3 |
0 |
|
Pull Request Creation - Github
|
XSOAR CI/CD
|
27 |
3 |
0 |
|
QRadar - Get Offense Logs
|
IBM QRadar
|
19 |
6 |
8 |
|
QRadar - Get offense correlations
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
7 |
4 |
23 |
|
QRadar - Get offense correlations v2
Deprecated
|
IBM QRadar
|
17 |
7 |
22 |
|
QRadar Build Query and Search
|
IBM QRadar
|
8 |
15 |
6 |
|
QRadar Generic
|
IBM QRadar
|
37 |
16 |
0 |
|
QRadar Get Hunting Results
|
IBM QRadar
|
18 |
4 |
5 |
|
QRadar Indicator Hunting
Deprecated
|
IBM QRadar
|
77 |
13 |
4 |
|
QRadar Indicator Hunting V2
|
IBM QRadar
|
57 |
14 |
5 |
|
QRadarCorrelationLog
Deprecated
|
IBM QRadar
|
7 |
6 |
1 |
|
QRadarFullSearch
Deprecated
|
IBM QRadar
|
10 |
5 |
1 |
|
Query Cisco Stealthwatch Flows
|
Cisco Secure Network Analytics (Stealthwatch)
|
7 |
5 |
1 |
|
Query using Sigma rules
|
Sigma
|
32 |
1 |
0 |
|
RDP Bitmap Cache - Detect and Hunt
|
RDPCacheHunting
|
38 |
10 |
0 |
|
Ransomware Advanced Analysis
|
Core
|
12 |
0 |
0 |
|
Ransomware Enrich and Contain
|
Core
|
27 |
4 |
0 |
|
Ransomware Exposure - RiskSense
|
RiskSense
|
11 |
0 |
4 |
|
Ransomware Playbook - Manual
|
Ransomware
|
47 |
0 |
0 |
|
Ransomware Response
|
Core
|
30 |
29 |
0 |
|
Rapid Breach Response - Set Incident Info
|
Rapid Breach Response
|
11 |
3 |
0 |
|
Rapid IOC Hunting Playbook
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
12 |
0 |
0 |
|
Rapid ransomware containment - Illumio
|
Illumio Rapid Ransomware Containment
|
22 |
4 |
0 |
|
Rapid7 InsightIDR - Execution Flow Indicators Hunting
|
Rapid7 InsightIDR
|
34 |
18 |
1 |
|
Rapid7 InsightIDR - File Indicators Hunting
|
Rapid7 InsightIDR
|
34 |
18 |
1 |
|
Rapid7 InsightIDR - HTTP Requests Indicators Hunting
|
Rapid7 InsightIDR
|
24 |
14 |
1 |
|
Rapid7 InsightIDR - Indicators Hunting
|
Rapid7 InsightIDR
|
10 |
53 |
1 |
|
Rapid7 InsightIDR - Traffic Indicators Hunting
|
Rapid7 InsightIDR
|
39 |
21 |
1 |
|
Recorded Future - Identity Exposure
|
Recorded Future Identity
|
24 |
0 |
0 |
|
Recorded Future - Threat Actor Search
|
Recorded Future Intelligence
|
16 |
1 |
0 |
|
Recorded Future CVE Intelligence
|
Recorded Future Intelligence
|
7 |
1 |
87 |
|
Recorded Future CVE Reputation
|
Recorded Future Intelligence
|
7 |
1 |
16 |
|
Recorded Future Detailed Alert example
|
Recorded Future Intelligence
|
3 |
1 |
0 |
|
Recorded Future Domain Abuse
|
Recorded Future Intelligence
|
16 |
0 |
0 |
|
Recorded Future Domain Intelligence
|
Recorded Future Intelligence
|
7 |
1 |
87 |
|
Recorded Future Domain Reputation
|
Recorded Future Intelligence
|
7 |
1 |
18 |
|
Recorded Future Entity Enrichment
|
Recorded Future Intelligence
|
22 |
6 |
5 |
|
Recorded Future External Usecase
Deprecated
|
Recorded Future Identity
|
7 |
0 |
0 |
|
Recorded Future File Intelligence
|
Recorded Future Intelligence
|
11 |
3 |
93 |
|
Recorded Future File Reputation
|
Recorded Future Intelligence
|
11 |
3 |
23 |
|
Recorded Future IOC Reputation
|
Recorded Future Intelligence
|
7 |
6 |
77 |
|
Recorded Future IP Intelligence
|
Recorded Future Intelligence
|
7 |
1 |
97 |
|
Recorded Future IP Reputation
|
Recorded Future Intelligence
|
7 |
1 |
18 |
|
Recorded Future Identity - Create Incident (sub)
Deprecated
|
Recorded Future Identity
|
6 |
2 |
0 |
|
Recorded Future Identity - Identity Found (incident)
Deprecated
|
Recorded Future Identity
|
15 |
0 |
0 |
|
Recorded Future Identity - Lookup Identities (parent)
Deprecated
|
Recorded Future Identity
|
7 |
0 |
0 |
|
Recorded Future Leaked Credential Alert Handling
|
Recorded Future Intelligence
|
10 |
1 |
0 |
|
Recorded Future List Management
|
Recorded Future Intelligence
|
10 |
0 |
0 |
|
Recorded Future Playbook Alert Details
|
Recorded Future Intelligence
|
2 |
0 |
0 |
|
Recorded Future Sandbox
|
Recorded Future Intelligence
|
26 |
1 |
5 |
|
Recorded Future Threat Assessment
|
Recorded Future Intelligence
|
7 |
9 |
29 |
|
Recorded Future Typosquat Alert Handling
|
Recorded Future Intelligence
|
14 |
1 |
0 |
|
Recorded Future URL Intelligence
|
Recorded Future Intelligence
|
7 |
1 |
87 |
|
Recorded Future URL Reputation
|
Recorded Future Intelligence
|
7 |
1 |
18 |
|
Recorded Future Vulnerability
|
Recorded Future Intelligence
|
17 |
0 |
0 |
|
Recorded Future Vulnerability Alert Handling
|
Recorded Future Intelligence
|
5 |
1 |
0 |
|
Recorded Future Workforce Usecase
Deprecated
|
Recorded Future Identity
|
7 |
0 |
0 |
|
Recovery Plan
|
Common Playbooks
|
6 |
4 |
0 |
|
Registry Parse Data Analysis
|
Windows Forensics
|
3 |
3 |
1 |
|
Remediate Message - Agari Phishing Defense
|
Agari Phishing Defense
|
6 |
3 |
0 |
|
Remote PsExec with LOLBIN command execution alert
|
Core
|
20 |
4 |
0 |
|
Remove Employees from Departing Employee Watchlist
|
Code42
|
15 |
2 |
0 |
|
Remove Employees from New Hire Watchlist
|
Code42
|
12 |
2 |
0 |
|
Report Categorization - Cofense Triage v3
|
Cofense Triage
|
23 |
5 |
0 |
|
Residents Notification - Breach Notification
|
US - Breach Notification
|
21 |
6 |
0 |
|
Retrieve Alert Attachments - Rapid7 ThreatCommand
|
Rapid7 - Threat Command (IntSights)
|
8 |
3 |
0 |
|
Retrieve Alerts For IOCs - Dataminr Pulse
|
Dataminr Pulse
|
10 |
3 |
0 |
|
Retrieve Asset Details - Lansweeper
|
Lansweeper
|
8 |
0 |
0 |
|
Retrieve Email Data - Agari Phishing Defense
|
Agari Phishing Defense
|
42 |
2 |
1 |
|
Retrieve File from Endpoint - Generic
Deprecated
|
Common Playbooks
|
4 |
5 |
0 |
|
Retrieve File from Endpoint - Generic V2
Deprecated
|
Common Playbooks
|
4 |
6 |
11 |
|
Retrieve File from Endpoint - Generic V3
|
Common Playbooks
|
4 |
5 |
11 |
|
Retrieve Related Alerts - Dataminr Pulse
|
Dataminr Pulse
|
7 |
1 |
0 |
|
RiskIQAsset Basic Information Enrichment - RiskIQ Digital Footprint
|
RiskIQ Digital Footprint
|
11 |
2 |
0 |
|
Rubrik Anomaly Incident Response - Rubrik Polaris
|
Rubrik Security Cloud
|
21 |
0 |
0 |
|
Rubrik DSPM Violation Remediation - Rubrik Security Cloud
|
Rubrik Security Cloud
|
19 |
6 |
0 |
|
Rubrik Data Object Discovery - Rubrik Polaris
|
Rubrik Security Cloud
|
11 |
2 |
0 |
|
Rubrik File Context Analysis - Rubrik Polaris
|
Rubrik Security Cloud
|
14 |
5 |
63 |
|
Rubrik Fileset Ransomware Discovery - Rubrik Polaris
|
Rubrik Security Cloud
|
15 |
2 |
0 |
|
Rubrik IOC Scan - Rubrik Polaris
|
Rubrik Security Cloud
|
38 |
17 |
3 |
|
Rubrik IOC Scan v2 - Rubrik Polaris
|
Rubrik Security Cloud
|
19 |
16 |
1 |
|
Rubrik IR Violation Remediation - Rubrik Security Cloud
|
Rubrik Security Cloud
|
13 |
2 |
0 |
|
Rubrik List Snapshots - Rubrik Polaris
|
Rubrik Security Cloud
|
6 |
1 |
0 |
|
Rubrik Object Context Analysis - Rubrik Polaris
|
Rubrik Security Cloud
|
4 |
2 |
0 |
|
Rubrik Polaris - Anomaly Analysis
|
Rubrik Security Cloud
|
13 |
0 |
0 |
|
Rubrik Poll Async Result - Rubrik Polaris
|
Rubrik Security Cloud
|
6 |
5 |
1 |
|
Rubrik Quarantine Files General
|
Rubrik Security Cloud
|
7 |
2 |
0 |
|
Rubrik Quarantine Files using MS Graph Search
|
Rubrik Security Cloud
|
16 |
3 |
0 |
|
Rubrik Ransomware Discovery and File Recovery - Rubrik Polaris
|
Rubrik Security Cloud
|
47 |
2 |
0 |
|
Rubrik Ransomware Discovery and VM Recovery - Rubrik Polaris
|
Rubrik Security Cloud
|
52 |
2 |
0 |
|
Rubrik Retrieve Anomaly Result - Rubrik Security Cloud
|
Rubrik Security Cloud
|
22 |
5 |
35 |
|
Rubrik Retrieve User Access Information - Rubrik Polaris
|
Rubrik Security Cloud
|
16 |
4 |
31 |
|
Rubrik Turbo IOC Scan - Rubrik Polaris
|
Rubrik Security Cloud
|
9 |
8 |
1 |
|
Rubrik Update Anomaly Status- Rubrik Security Cloud
|
Rubrik Security Cloud
|
17 |
3 |
0 |
|
Rubrik User Access Analysis - Rubrik Polaris
|
Rubrik Security Cloud
|
12 |
4 |
0 |
|
Rubrik Workload Analysis - Rubrik Security Cloud
|
Rubrik Security Cloud
|
13 |
3 |
0 |
|
Run Panorama Best Practice Assessment (Deprecated)
Deprecated
|
Best Practice Assessment (BPA) by Palo Alto Networks (Deprecated)
|
5 |
0 |
0 |
|
SANS - Incident Handler's Handbook Template
|
SANS
|
22 |
0 |
0 |
|
SANS - Incident Handlers Checklist
|
SANS
|
55 |
2 |
0 |
|
SANS - Lessons Learned
|
SANS
|
6 |
2 |
8 |
|
SIEM - Search for Failed logins
|
Common Playbooks
|
16 |
6 |
4 |
|
SOCRadar Incident
|
SOCRadar
|
21 |
1 |
0 |
|
SSL_Certificate_Verification
|
SSL Certificates
|
15 |
0 |
0 |
|
SafeNet Trusted Access - Add to Unusual Activity Group
|
Thales SafeNet Trusted Access
|
24 |
4 |
0 |
|
SafeNet Trusted Access - Terminate User SSO Sessions
|
Thales SafeNet Trusted Access
|
20 |
2 |
0 |
|
Scan Assets - Nexpose
Deprecated
|
Rapid7 InsightVM
|
8 |
3 |
11 |
|
Scan Site - Nexpose
|
Rapid7 InsightVM
|
7 |
3 |
11 |
|
Schedule Task and Poll
|
Schedule Task and Poll
|
5 |
6 |
1 |
|
Search And Block Software - Generic
|
Common Playbooks
|
8 |
3 |
0 |
|
Search And Delete Emails - EWS
|
Microsoft Exchange On-Premise
|
11 |
6 |
0 |
|
Search And Delete Emails - Generic
Deprecated
|
Common Playbooks
|
3 |
3 |
0 |
|
Search And Delete Emails - Generic v2
|
Common Playbooks
|
23 |
11 |
0 |
|
Search And Delete Emails - Gmail
|
Gmail
|
15 |
6 |
0 |
|
Search And Delete Emails - Microsoft Graph Security
|
Microsoft Graph Security
|
58 |
13 |
0 |
|
Search Endpoint by CVE - Generic
|
Common Playbooks
|
17 |
1 |
3 |
|
Search Endpoints By Hash - Carbon Black Protection
|
Carbon Black Enterprise Protection
|
9 |
1 |
2 |
|
Search Endpoints By Hash - Carbon Black Response
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
7 |
1 |
2 |
|
Search Endpoints By Hash - Carbon Black Response V2
|
Carbon Black Enterprise Response
|
7 |
1 |
2 |
|
Search Endpoints By Hash - CrowdStrike
Deprecated Hidden
|
FalconHost (Deprecated)
|
13 |
3 |
2 |
|
Search Endpoints By Hash - Cybereason
|
Cybereason
|
9 |
2 |
1 |
|
Search Endpoints By Hash - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
11 |
3 |
2 |
|
Search Endpoints By Hash - Generic V2
|
Common Playbooks
|
11 |
3 |
2 |
|
Search Endpoints By Hash - TIE
|
McAfee Threat Intelligence Exchange
|
10 |
1 |
2 |
|
Search For Hash In Sandbox - Generic
|
Common Playbooks
|
29 |
1 |
6 |
|
Search LOLBAS Tools By Name
|
LOLBAS Feed
|
10 |
1 |
1 |
|
Search all mailboxes - Gmail with polling
|
Gmail
|
4 |
12 |
13 |
|
Search and Compare Process Executions - Generic
|
Common Playbooks
|
5 |
4 |
2 |
|
Search in mailboxes Gmail (Loop) with polling
|
Gmail
|
8 |
15 |
18 |
|
Send Indicators - Cofense Triage v3
|
Cofense Triage
|
12 |
4 |
0 |
|
Send Investigation Summary Reports
|
Common Playbooks
|
7 |
4 |
0 |
|
Send Investigation Summary Reports Job
|
Common Playbooks
|
4 |
0 |
0 |
|
Sentinel One - Endpoint data collection
Deprecated
|
SentinelOne
|
8 |
1 |
0 |
|
Sentinel One - Query Endpoints
|
SentinelOne
|
7 |
3 |
0 |
|
Service Desk Plus - Generic Polling
|
Manage Engine Service Desk Plus
|
6 |
3 |
2 |
|
ServiceNow - Ticket Management
|
ServiceNow
|
13 |
12 |
1 |
|
ServiceNow CMDB Search
|
ServiceNow
|
13 |
4 |
2 |
|
ServiceNow Change Management
|
Change Management
|
23 |
24 |
0 |
|
ServiceNow Ticket State Polling
|
ServiceNow
|
6 |
5 |
0 |
|
Set RDP Bitmap Cache Overall Score
|
RDPCacheHunting
|
4 |
0 |
1 |
|
Set Team Members
|
Team Management
|
12 |
2 |
0 |
|
Set up a Shift handover meeting
|
Shift Management
|
5 |
2 |
0 |
|
Shift handover
|
Shift Management
|
23 |
6 |
0 |
|
Slack - General Failed Logins v2.1
|
Slack
|
11 |
1 |
0 |
|
SlackBlockBuilderResponseExample
|
Slack
|
4 |
0 |
0 |
|
SolarStorm Activity Behavior Hunting playbook
|
Rapid Breach Response
|
13 |
0 |
0 |
|
SolarStorm and SUNBURST Hunting and Response Playbook
|
Rapid Breach Response
|
73 |
11 |
0 |
|
SolarStorm and SUNBURST Hunting and Response Playbook
|
Rapid Breach Response
|
73 |
14 |
0 |
|
Spear Phishing Investigation
|
Phishing
|
10 |
3 |
0 |
|
SpecterOpsBHE
|
SpecterOpsBHE
|
5 |
0 |
0 |
|
SpecterOpsBloodHoundEnterprise
|
SpecterOpsBloodHoundEnterprise
|
6 |
0 |
0 |
|
Splunk Generic
|
Splunk
|
24 |
7 |
0 |
|
Splunk Indicator Hunting
|
Splunk
|
77 |
21 |
5 |
|
Spring Core and Cloud Function SpEL RCEs
|
Spring Core and Cloud Function SpEL RCEs
|
51 |
6 |
0 |
|
SpyCloud - Breach Investigation
|
SpyCloud Enterprise Protection
|
11 |
1 |
0 |
|
SpyCloud - Malware Incident Enrichment
|
SpyCloud Enterprise Protection
|
7 |
1 |
24 |
|
Suspicious Domain Hunting Incident Handling
|
Suspicious Domain Hunting
|
32 |
3 |
0 |
|
Symantec block Email
|
Symantec Messaging Gateway
|
6 |
1 |
0 |
|
T1036 - Masquerading
|
Core
|
26 |
27 |
0 |
|
T1059 - Command and Scripting Interpreter
|
Core
|
29 |
23 |
0 |
|
TIE - IOC Hunt
|
McAfee Threat Intelligence Exchange
|
9 |
1 |
1 |
|
TIM - ArcSight Add Domain Indicators
|
ArcSight ESM
|
13 |
6 |
0 |
|
TIM - ArcSight Add Url Indicators
|
ArcSight ESM
|
13 |
6 |
0 |
|
TIM - Indicator Auto Processing
|
TIM - Indicator Auto-Processing
|
18 |
0 |
1 |
|
TIM - Indicator Relationships Analysis
|
TIM - Indicator Auto-Processing
|
20 |
2 |
7 |
|
TIM - Intel Tracking
|
TIM Campaign Tracking
|
16 |
0 |
0 |
|
TIM - Process Domain Age With Whois
|
Whois
|
22 |
4 |
4 |
|
TIM - Process Domains With Whois
|
Whois
|
9 |
2 |
6 |
|
Tanium - Ask Question
|
Tanium
|
4 |
2 |
2 |
|
Tanium - Get Saved Question Result
|
Tanium
|
3 |
1 |
2 |
|
Tanium Demo Playbook
Deprecated
|
Tanium
|
8 |
0 |
0 |
|
Tanium Threat Response - Create Connection
|
Tanium Threat Response
|
4 |
4 |
0 |
|
Tanium Threat Response - Request File Download
|
Tanium Threat Response
|
10 |
7 |
1 |
|
Tenable.io Scan
|
Tenable Vulnerability Management (formerly Tenable.io)
|
5 |
2 |
0 |
|
Threat Hunting - Chronicle
|
Google SecOps
|
29 |
1 |
0 |
|
Threat Hunting - Generic
|
Common Playbooks
|
6 |
12 |
49 |
|
Ticket Management - Generic
|
Common Playbooks
|
11 |
18 |
2 |
|
Tidy install content
|
Tidy
|
13 |
0 |
0 |
|
Traps Blacklist File
Deprecated Hidden
|
Palo Alto Networks Traps (Deprecated)
|
5 |
1 |
0 |
|
Traps Isolate Endpoint
Deprecated Hidden
|
Palo Alto Networks Traps (Deprecated)
|
8 |
1 |
2 |
|
Traps Quarantine Event
Deprecated Hidden
|
Palo Alto Networks Traps (Deprecated)
|
8 |
1 |
0 |
|
Traps Retrieve And Download Files
Deprecated Hidden
|
Palo Alto Networks Traps (Deprecated)
|
5 |
3 |
0 |
|
Traps Scan Endpoint
Deprecated Hidden
|
Palo Alto Networks Traps (Deprecated)
|
5 |
1 |
0 |
|
Trellix Email Security Cloud - Indicators Hunting
|
Trellix Email Security - Cloud
|
21 |
14 |
14 |
|
Trello - Generic
|
Trello
|
11 |
1 |
0 |
|
Trello Set Severity
|
Trello
|
9 |
0 |
0 |
|
Trend Micro CAS - Indicators Hunting
|
TrendAI™ Cloud App Security
|
42 |
13 |
15 |
|
TrendMicro Malware Alert Playbook
Deprecated
|
Trend Micro (Deprecated)
|
8 |
0 |
0 |
|
Tripwire Incident IP Enrichment
|
Tripwire
|
3 |
0 |
0 |
|
Tufin - Enrich IP Address(es)
|
Tufin
|
8 |
1 |
9 |
|
Tufin - Enrich Source & Destination IP Information
|
Tufin
|
14 |
2 |
11 |
|
Tufin - Get Application Information from SecureApp
|
Tufin
|
6 |
1 |
15 |
|
Tufin - Get Network Device Info by IP Address
|
Tufin
|
7 |
1 |
8 |
|
Tufin - Investigate Network Alert
|
Tufin
|
9 |
2 |
5 |
|
URL Enrichment - Generic
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
17 |
4 |
6 |
|
URL Enrichment - Generic v2
|
Common Playbooks
|
14 |
4 |
22 |
|
URL Enrichment - Infoblox Cloud
|
Infoblox Threat Defense with DDI
|
10 |
1 |
0 |
|
URL Private Scanning - Google Threat Intelligence
|
GoogleThreatIntelligence
|
10 |
1 |
0 |
|
URL Scan - Google Threat Intelligence
|
GoogleThreatIntelligence
|
6 |
1 |
1 |
|
US - Breach Notification
|
US - Breach Notification
|
25 |
8 |
0 |
|
USTA Account Takeover Prevention Employee Credential Incident
|
USTA Cyber Threat Intelligence Platform
|
10 |
1 |
0 |
|
Unblock Indicator - Infoblox Cloud
|
Infoblox Threat Defense with DDI
|
14 |
4 |
0 |
|
Unblock Indicator - Infoblox NIOS
|
Infoblox NIOS
|
14 |
2 |
0 |
|
Unisolate Endpoint - Cybereason
|
Cybereason
|
5 |
1 |
0 |
|
Unisolate Endpoint - Generic
|
Common Playbooks
|
8 |
3 |
6 |
|
UnitTestTopLevel
|
Content Testing
|
10 |
0 |
0 |
|
Unzip File
|
Common Playbooks
|
7 |
3 |
2 |
|
Update Incident Status And Fetch Attachments - Securonix
|
Securonix
|
9 |
0 |
0 |
|
Update Live Briefs - Dataminr Pulse
|
Dataminr Pulse
|
7 |
1 |
0 |
|
Update Or Remove Assets - RiskIQ Digital Footprint
|
RiskIQ Digital Footprint
|
10 |
3 |
0 |
|
Update enforcement mode - Illumio
|
Illumio Rapid Ransomware Containment
|
6 |
0 |
0 |
|
Uptycs - Bad IP Incident
|
Uptycs
|
9 |
1 |
12 |
|
Uptycs - Outbound Connection to Threat IOC Incident
|
Uptycs
|
18 |
2 |
7 |
|
User Investigation - Generic
|
Common Playbooks
|
29 |
14 |
17 |
|
Vulnerability Enrichment and Ticket Creation - Google Threat Intelligence
|
GoogleThreatIntelligence
|
12 |
2 |
0 |
|
Vulnerability Handling - Nexpose
|
Rapid7 InsightVM
|
14 |
0 |
0 |
|
Vulnerability Handling - Qualys
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
21 |
0 |
0 |
|
Vulnerability Handling - Qualys - Add custom fields to default layout
Deprecated Hidden
|
Deprecated Content (Deprecated)
|
12 |
2 |
0 |
|
Vulnerability Management - Nexpose (Job)
Deprecated
|
Rapid7 InsightVM
|
10 |
2 |
0 |
|
Vulnerability Management - Qualys (Job)
Deprecated
|
Qualys
|
11 |
2 |
0 |
|
Vulnerability Management - Qualys (Job) - V2
|
Qualys
|
13 |
2 |
0 |
|
Vulnerability Scan - RiskIQ Digital Footprint - Tenable.io
|
RiskIQ Digital Footprint
|
6 |
2 |
0 |
|
Wait Until Datetime
|
Common Playbooks
|
9 |
1 |
0 |
|
Wait Until Windows Host Online
Deprecated Hidden
|
Ansible Powered Integrations (Deprecated)
|
5 |
1 |
0 |
|
Wait Until Windows Host Online v2
|
Ansible Microsoft Windows
|
5 |
1 |
0 |
|
WhisperGate and HermeticWiper & CVE-2021-32648
|
WhisperGate and HermeticWiper & CVE-2021-32648
|
50 |
5 |
0 |
|
WhisperGate and HermeticWiper & CVE-2021-32648
|
WhisperGate and HermeticWiper & CVE-2021-32648
|
50 |
7 |
0 |
|
WildFire - Detonate file
Deprecated
|
WildFire by Palo Alto Networks
|
11 |
4 |
27 |
|
WildFire Malware
|
Core
|
42 |
32 |
0 |
|
Wildfire Detonate and Analyze File
|
WildFire by Palo Alto Networks
|
8 |
1 |
1 |
|
Windows Application Deployment
Deprecated Hidden
|
Ansible Powered Integrations (Deprecated)
|
14 |
0 |
0 |
|
Windows Application Deployment v2
|
Ansible Microsoft Windows
|
14 |
0 |
0 |
|
XCloud Alert Enrichment
|
Cloud Incident Response
|
11 |
2 |
12 |
|
XCloud Cryptojacking
|
Cloud Incident Response
|
22 |
44 |
0 |
|
XCloud Cryptojacking - Set Verdict
|
Cloud Incident Response
|
10 |
1 |
1 |
|
Xpanse Incident Handling - Generic
Deprecated
|
Cortex Xpanse by Palo Alto Networks (Deprecated)
|
84 |
6 |
0 |
|
YARA - File Scan
|
Yara
|
10 |
3 |
14 |
|
ZTAP Alert
|
Zero Trust Analytics Platform
|
11 |
2 |
0 |
|
Zendesk - Ticket Management
|
Zendesk
|
13 |
13 |
1 |
|
Zimperium Incident Enrichment
|
Zimperium
|
8 |
0 |
0 |
|
appNovi-MAC-Address-Lookup
|
AppNovi
|
5 |
1 |
1 |
|
panorama_content_update_test
|
PAN-OS by Palo Alto Networks
|
8 |
6 |
0 |
|
xsoar-data-collection-response-tracking
|
Xsoar-web-server
|
6 |
4 |
1 |
|
xsoarwebserver-email-acknowledgement
|
Xsoar-web-server
|
6 |
3 |
0 |
|
xsoarwebserver-email-data-collection
|
Xsoar-web-server
|
6 |
2 |
0 |