Incident tasks - Microsoft Defender XDR Phishing Playbook for SecOps
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This playbook add Incident Tasks based on Microsoft Defender XDR Phishing Playbook for SecOps. This playbook will walk the analyst through four stages of responding to a phishing incident: containment, investigation, remediation and prevention. The step-by-step instructions will help you take the required remedial action to protect information and minimize further risks.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | SentinelSOARessentials |
| Source | View on GitHub |
Additional Documentation
📄 Source: Defender_XDR_Phishing_Playbook_for_SecOps-Tasks/readme.md
Defender_XDR_Phishing_Playbook_for_SecOps-Tasks
author: Benji Kovacevic
This playbook add Incident Tasks based on Microsoft Defender XDR Phishing Playbook for SecOps. This playbook will walk the analyst through four stages of responding to a phishing incident: containment, investigation, remediation and prevention. The step-by-step instructions will help you take the required remedial action to protect information and minimize further risks.
Quick Deployment
Post-deployment
- Assign Microsoft Sentinel Responder role to the managed identity. To do so, choose Identity blade under Settings of the Logic App.
- Assign playbook to the automation rule. - https://learn.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?tabs=LAC
Conditions
Incident provider > Equals > Microsoft Defender XDR
Playbook will run if the alert has any of these keywords:
1. Phish
2. ZAP
3. removed after delivery
4. URL click was detected
Screenshots
Playbook
Microsoft Sentinel Incident Tasks
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊