10 Playbooks you should start with in Devo SOAR

  • 8 March 2023
  • 0 replies
  • 122 views
10 Playbooks you should start with in Devo SOAR
Userlevel 7
Badge +3

Devo SOAR has thousands of uses as an Automation tool.  You can use it for highly critical tasks yes, but any task that saves you time is critical in our world!   You don’t have to imagine them, lets go over a few Playbooks that you can start with as soon as you open Devo SOAR.

 

Phishing Analysis

The most prolific security risk in any organization, the ubiquitous Phishing emails!  Use this playbook to analyze any reported phishing emails and make quick work of this daily task.  You will need a plalybook that will help you analyze the IP address, domains, and URL’s to understand the risk associated with each.  Creating a combined ranking of the threat will help you prioritize your response.  

 

Email Attachment Analysis

What’s worse that Phishing emails?  Attachments masquerading as legitimate files.  This playbook automatically does analysis of email attachments in emails from any IMAP server.  Based on the risk, you could build additional steps to remediate or trigger notifications for a more advanced response.

 

Crowdstrike Hash Blocking

Go directly past any disguises and add a list of specific hashes as IOC to CrowdStrike’s Falcon Platform.  Yes playbooks can interact with a large majority of your application stack. Even better, having the SOAR take action directly with CrowdStrike based on the allowed action list. 

 

Authorized Activity Tracking

You have systems in place listing all your authorized users, now compliment that with this Playbook.  It quickly identifies any activity performed by unauthorized users and lets you know so you can further investigate.

 

Twitter Zero Day Detection

Lets just say Twitter is in state of change recently.  With that comes new vulnerabilities,  this playbook will help you stay on top of them by searching for twitter announcements  of new vulnerabilities and letting you know as soon as they are discovered.

 

GitHub Repository

GitHub is a great tool, but the potential for shenanigans is great.   You can use this playbook to monitor your own list of sensitive keywords to prevent their exposure and misuse.

 

Virus Total MD5 Checks

Run a list of MD5 hash’s against VIrusTotal with this playbook helping you keep those passwords secure!

 

TOR Exit Node List Distribution

Stay updated on the latest list of TOR Exit Nodes with this Playbook.  New attackers emerge all the time, and this is one way to stay ahead of their attacks!

 

Geolocate IP Addresses

Not only is this visually fun to see but it makes it soo much easier to spot those impossible traveler scenarios quickly.

 

And that’s just the first 10!   

 

How do I create Playbooks like these?

Devo SOAR is not just Automation made simple, It helps you write sophisticated Playbooks for any purpose! 

Templates

There is a huge library of templates to chose from, In fact the 10 playbooks listed above are a sample of your starter templates!
 

AND there is even a better way!

Guided Playbook Builder

You’ve probably played with ChatGPT right?  Now what if I told you Devo SOAR has a dedicated language model for helping you create sophisticated playbooks?  Oh yes!
With the Guided Playbook Builder you get to do just that: Write a complete playbook by interacting with the Builder through a chat prompt. AI, sophistication, and a wise AI-powered assistant to design with confidence!
 

 

Don’t take my world for it!  Get the Devo SOAR Trial right now and start playing with the future!


0 replies

Be the first to reply!

Reply