SlashNext Phishing Incident Investigation Playbook



Enhance your security with threat hunting and incident investigation using this playbook. It scans suspicious URLs against the world's largest real-time phishing intelligence database for accurate, definitive binary verdicts and downloads phishing forensics, including webpage screenshots, HTML and text. The playbook analyzes all URL entities attached to an existing incident using the SlashNext Logic Apps Connector and adds threat information to each malicious incident.

Attribute   Value
Type        Playbook
Solution    SlashNext
Source      View on GitHub

Logic App Connectors

This playbook uses 2 Logic App connectors / built-in actions:

Connector / Action   Type      Connections   Actions
azuresentinel        Managed   1             2
SlashNext            Custom    1             1
Action parameters (URLs, paths, function IDs)

azuresentinel (Managed)

Action                    Method   Endpoint             Other
Add_comment_to_incident   post     /Incidents/Comment
Entities_-_Get_URLs       post     /entities/url

SlashNext (Custom)

Action   Method   Endpoint               Other
Repute   post     /api/v1/urls/repute

Additional Documentation

📄 Source: SlashNextPhishingIncidentInvestigation/readme.md


Prerequisites

The SlashNext Logic Apps Connector uses Basic authentication; when creating the connection you will be asked to provide an API key. To acquire a SlashNext API key, contact support@slashnext.com or visit SlashNext.com.

Deployment Instructions

Deploy with Incident Trigger (recommended) - After deployment, attach this playbook to an automation rule so that it runs when an incident is created.

Learn more about automation rules

Deploy to Azure · Deploy to Azure Gov

Post-Deployment Instructions

a. Authorize Connection

Once deployment is complete, authorize the SlashNext Logic Apps Connector connection:

  1. Click on the SlashNext connection resource
  2. Click Edit API connection
  3. Enter the API key acquired from SlashNext
  4. Click Save
