Automate Phishing IR and Threat Hunting for Abuse Inbox Management

This playbook fully automates the identification and remediation of emails sent to abuse inboxes. It leverages SlashNext’s patented behavioral phishing detection technology, which uses millions of virtual browsers to detect unknown threats and return definitive verdicts and forensic evidence of malicious phishing emails at scale. Dramatically reduce the time and effort involved in researching suspicious URLs across digital sources with accurate, fully automated, and definitive URL analysis on demand.

Abuse inbox management is often a manual and complex operation. With this playbook, teams can cut the hours spent per week managing abuse inboxes by up to 80%. The playbook also provides detection and remediation for Microsoft Office 365 and similar secure email gateways.

Playbook’s main steps

  1. Extract URLs from the reported email
  2. Request real-time scans through SlashNext SEER™ Cloud (to be analyzed by a virtual browser)
  3. Download URL scan reports from SlashNext SEER™ Cloud (including site screenshot, HTML and rendered text)
  4. Take email snapshot
  5. Log evidence for analyst (host reputation and complete forensics)
  6. Review the incident
  7. Close the investigation
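
Step 1 of the list above, as an added Python example that is not part of the SlashNext playbook: it pulls URLs from a reported email, including the common case where the reporter forwards the original message as an attachment. The sample message, its address and its URLs are constructed, and the function names are hypothetical; submitting the URLs for scanning is left out because the page does not describe that API.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

class _LinkParser(HTMLParser):
    """Collect link targets (href/src/action) and URLs shown in visible text."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            value = (value or "").strip()
            if name in ("href", "src", "action") and URL_RE.match(value):
                self.urls.append(value)
    def handle_data(self, data):
        self.urls.extend(u.rstrip(".,;:!?") for u in URL_RE.findall(data))

def extract_urls(raw_email: bytes) -> list:
    """Unique http(s) URLs from every text part, forwarded attachments included."""
    found = []
    for part in message_from_bytes(raw_email, policy=policy.default).walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        try:
            text = part.get_content()
        except (LookupError, UnicodeError):  # unknown or broken charset label
            text = part.get_payload(decode=True).decode("utf-8", "replace")
        if ctype == "text/html":
            parser = _LinkParser()
            parser.feed(text)
            found.extend(parser.urls)
        else:
            found.extend(u.rstrip(".,;:!?") for u in URL_RE.findall(text))
    return list(dict.fromkeys(found))

def build_sample_report() -> bytes:
    """Constructed sample: a user forwards a suspicious email as an attachment."""
    inner = EmailMessage()
    inner.set_content("Pay now: http://login.example.test/verify.")
    inner.add_alternative('<a href="http://login.example.test/verify">Pay</a>'
                          '<img src="https://cdn.example.test/p.gif">', subtype="html")
    outer = EmailMessage()
    outer["To"] = "abuse@example.com"
    outer.set_content("This looks suspicious, please check.")
    outer.add_attachment(inner)
    return outer.as_bytes()
```

`walk()` descends into `message/rfc822` parts, so links in the attached original are found even though the reporter's own note contains none; duplicates across the plain-text and HTML alternatives collapse to one entry per URL.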

Built With

  • api
  • ir
  • playbook
  • security
  • threat-hunting