We’ve just rolled out our new Phishing Tackle Box in the Extensions Library to help give folks a head start in handling phishing attacks in a more distributed, work-from-home setting. The tackle box contains a variety of InsightConnect workflows built to automate several different steps within a phishing investigation. This includes:
Phishing Alerts: Get phishing alerts sent to you directly in Slack or Microsoft Teams - your choice. These direct alerts and the details they provide make it easy to stay on top of threats without having to pull up a million different tools.
Indicator Enrichment: You want to make sure you’ve positively identified a phishing attempt before you take any action. Automate the extraction and enrichment of data from that potential attempt to aid in the identification process.
Email Remediation: Once you’ve positively identified a phishing attempt, it’s time to respond. These workflows provide various response options, including email deletion, blocking, and viewing any others who may’ve been targeted.
User Containment: If a threat has led to compromised user credentials, you want to disrupt the attacker and perform containment measures ASAP. These workflows facilitate that containment process to help prevent attackers from gaining further ground.
The Phishing Tackle Box is intended to address the main use cases within the phishing sphere, but if you have suggestions for new or existing workflows, let us know. Our ChatOps (e.g., Slack/Microsoft Teams stuff) workflows in particular have been a big ask lately, and we’re always open to more ideas surrounding those.
The tackle box workflows do vary in size and complexity, and we want to make sure they accomplish what you need them to in your environment. If you have any questions or need some help wrangling them, let us know here.