The Splunk Phantom Phishing Investigate and Respond playbook examines the artifacts from an ingested email and performs various reputation checks against the data.

Also, verify your asset configurations on the Phantom Asset Configuration page, and that all assets are resolved on the Phantom Resolved Assets page. Verify that the playbook is configured to operate on splunk_events.

Before you run the playbook, verify that Splunk Phantom is receiving data from Splunk Enterprise.

How to implement: To run the Splunk Phantom Phishing Investigate and Respond playbook, you need a Splunk Enterprise instance that ingests email server events and from which Phantom can draw data.

Although there are several ways to get data into Phantom, this example uses the Phantom App for Splunk on Splunkbase.

Use the Splunk Phantom Phishing Investigate and Respond playbook to automate email investigations that analyze the email body, its attachments, and users who received the email so you can respond quickly to phishing attacks. Undetected phishing emails can be devastating to an organization, and investigating them can be time-consuming.

Read more about example use cases in the Splunk Platform Use Cases manual.

For more information on this and other examples, download the free Splunk Security Essentials app on Splunkbase. The Splunk Product Best Practices team helped produce this response.