User stories: US-061, US-062, US-063, US-064, US-065, US-098, US-101, US-108, US-118
SOAR & Automation Playbooks
10 pre-built playbooks · 3 custom playbooks · 47 executions this month
Pre-Built Playbooks US-061, US-062
| Playbook | Description | Trigger | Actions | MITRE | Executions | Status |
|---|---|---|---|---|---|---|
| Brute Force IP Block | Auto-blocks the attacking IP at the firewall | >5 failed logins in 60 s | Block IP · Log · Notify | T1110 | 18 | Active |
| Malware Auto-Quarantine | Quarantines the affected endpoint when detection confidence is ≥95% | L8 detection + confidence ≥95% | Quarantine · Incident report · Notify | T1204 | 3 | Active |
| Ransomware Containment | Isolates the endpoint and pages on-call | Ransomware YARA match | Isolate · PagerDuty · Snapshot | T1486 | 0 | Active |
| Port Scan Detection | Alerts on external port scanning | Rule 1002 (port scan) | Alert · Threat intel lookup | T1046 | 12 | Active |
| FIM Critical Change | /etc/passwd or /etc/sudoers modified | Rule 550 (/etc/ change) | Alert · Snapshot · Jira ticket | T1098 | 4 | Active |
| Unusual Login Time | | Login outside 08:00–20:00 | Notify admin · MFA challenge | T1078 | 7 | Active |
| Privilege Escalation Alert | | sudo su / new root session | Alert · Log · Review queue | T1548 | 3 | Active |
Integrations US-064, US-065
| Integration | Status | Details |
|---|---|---|
| Slack | Connected | #security-alerts channel |
| Jira Cloud | Connected | Project: SECURITY |
| PagerDuty | Not connected | |
| MS Teams | Not connected | |
| ServiceNow | Not connected | |
| SMS (Twilio) | Not connected | |

Note that the Ransomware Containment playbook's PagerDuty step depends on an integration that is not connected: until PagerDuty is set up, that playbook cannot actually page on-call, even though it is marked Active. The FIM Critical Change playbook's Jira ticket step is covered by the connected Jira Cloud integration.
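The playbook table and the integrations panel above show trigger conditions and action lists, but not how a trigger is evaluated or what happens when an action's integration is missing. The following is an added example in Python, not code from the page's product: it evaluates the Brute Force IP Block trigger (>5 failed logins in 60 s) as a sliding window over constructed sshd-style log lines, then walks the playbook's action list against the integration status shown in the Integrations table, reporting any step whose integration is not connected as skipped (the Ransomware Containment playbook's PagerDuty step is the case in point). The function names, the log format, and the mapping of the Notify action to Slack are assumptions.

```python
"""Added example: evaluating a SOAR playbook trigger and dispatching its actions.

Illustrative code, not the product's own playbook engine. Function names,
the log format and the action-to-integration mapping are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style lines with ISO-8601 timestamps (not real traffic).
# 203.0.113.7 fails six times within 43 s; 198.51.100.9 fails twice, then succeeds.
SAMPLE_AUTH_LOG = """\
2024-05-01T10:00:01Z sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 5555 ssh2
2024-05-01T10:00:09Z sshd[102]: Failed password for root from 203.0.113.7 port 5556 ssh2
2024-05-01T10:00:18Z sshd[103]: Failed password for root from 203.0.113.7 port 5557 ssh2
2024-05-01T10:00:27Z sshd[104]: Failed password for root from 203.0.113.7 port 5558 ssh2
2024-05-01T10:00:36Z sshd[105]: Failed password for root from 203.0.113.7 port 5559 ssh2
2024-05-01T10:00:44Z sshd[106]: Failed password for root from 203.0.113.7 port 5560 ssh2
2024-05-01T10:00:50Z sshd[107]: Failed password for alice from 198.51.100.9 port 6000 ssh2
2024-05-01T10:03:00Z sshd[108]: Failed password for alice from 198.51.100.9 port 6001 ssh2
2024-05-01T10:03:10Z sshd[109]: Accepted password for alice from 198.51.100.9 port 6002 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Trigger from the playbook table: ">5 failed logins / 60s"
THRESHOLD = 5
WINDOW = timedelta(seconds=60)


def evaluate_brute_force(log_text, threshold=THRESHOLD, window=WINDOW):
    """Sliding-window count of failed logins per source IP.

    Returns {ip: (timestamp_of_trigger, failures_in_window)} for every IP whose
    failure count exceeds `threshold` within `window`. An IP is reported once,
    at the first line that crosses the threshold.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    triggered = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # "Accepted password" and unrelated lines are ignored
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        ip = m["ip"]
        dq = recent[ip]
        dq.append(ts)
        while dq and ts - dq[0] > window:  # evict failures older than the window
            dq.popleft()
        if len(dq) > threshold and ip not in triggered:
            triggered[ip] = (ts, len(dq))
    return triggered


# Integration status as shown on the Integrations panel.
INTEGRATIONS = {
    "Slack": True, "Jira Cloud": True, "PagerDuty": False,
    "MS Teams": False, "ServiceNow": False, "SMS (Twilio)": False,
}

# Two of the page's playbooks. `needs` maps an action to the integration it
# requires; routing "Notify" to Slack is an assumption.
PLAYBOOKS = {
    "Brute Force IP Block": {
        "mitre": "T1110",
        "actions": ["Block IP", "Log", "Notify"],
        "needs": {"Notify": "Slack"},
    },
    "Ransomware Containment": {
        "mitre": "T1486",
        "actions": ["Isolate", "PagerDuty", "Snapshot"],
        "needs": {"PagerDuty": "PagerDuty"},
    },
}


def run_playbook(name, target, integrations=INTEGRATIONS, dry_run=True):
    """Walk the playbook's action list in order; return a run record.

    A step whose integration is not connected is reported as skipped rather
    than silently counted as done, so a gap like the unconnected PagerDuty
    shows up in the execution log. Real calls (firewall API, Slack webhook,
    EDR isolate) are stubbed: with dry_run=True only the decision is recorded.
    """
    pb = PLAYBOOKS[name]
    steps = []
    for action in pb["actions"]:
        dep = pb["needs"].get(action)
        if dep and not integrations.get(dep, False):
            steps.append((action, f"skipped: {dep} not connected"))
            continue
        steps.append((action, "dry-run" if dry_run else "done"))
    return {"playbook": name, "mitre": pb["mitre"], "target": target, "steps": steps}


def respond_to_auth_log(log_text):
    """End to end: evaluate the trigger, then run the playbook once per triggered IP."""
    return [run_playbook("Brute Force IP Block", ip) for ip in evaluate_brute_force(log_text)]


if __name__ == "__main__":
    for run in respond_to_auth_log(SAMPLE_AUTH_LOG):
        print(run)
    print(run_playbook("Ransomware Containment", "host-42"))
```

The eviction loop keeps only failures inside the 60 s window, so a slow attacker spreading attempts over minutes (as 198.51.100.9 does here) does not trip the rule, while a burst of six within 43 s does. Reporting skipped steps instead of marking them done is the check a practitioner wants before trusting the "Executions" count in the table.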