Incident Response Pack

This Incident Response Playbook can be used by the SOC teams, who need to extract and enrich domain information, perform reputation checks and take response actions based on the results

Comment

Inspiration

The cybersecurity challenge and the opportunity to develop a playbook to solve the problem and be part of the success.

What it does

Helps the incident response teams to automate repetitive tasks of indicator extraction, enrichment , conditional checks and automated response actions based on the results.

How I built it

I used XSOAR hackathon instance and the API integrations

Challenges I ran into

Access to RiskIQ Passivetotal API

Accomplishments that I'm proud of

Successful run of the Playbook :)

What I learned

How to use XSOAR to automate repetitive tasks

What's next for Incident Response Pack

A lot of enhancements that I wasn't able to accomplish during the hackathon duration. I will follow up.

Built With

  • googlechronicle
  • ibmqradar
  • playbook
  • python
  • riskiqpassivetotal
  • scripts
  • sendemail
  • xsoar
Share this project:

Updates