Phishing Investigation - Generic Deprecated Hidden
Deprecated. Use "Phishing Investigation - Generic v2" playbook instead. Use this playbook to investigate and remediate a potential phishing incident. The playbook simultaneously engages with the user that triggered the incident, while investigating the incident itself. The final remediation tasks are always decided by a human analyst.
Deprecated Content (Deprecated) · 32 tasks · 4 inputs · 0 outputs
Inputs
Role— The default role to assign the incident to.SearchAndDelete— Enable the "Search and Delete" capability (can be either "True" or "False"). In case of a malicious email, the "Search and Delete" sub-playbook will look for other instances of the email and delete them pending analyst approval.BlockIndicators— Enable the "Block Indicators" capability (can be either "True" or "False"). In case of a malicious email, the "Block Indicators" sub-playbook will block all malicious indicators in the relevant integrations.OnCall— Set to true to assign only user that is currently on shift
Commands used
closeInvestigation
send-mail