Most Used Playbooks of 2018 – Incident Response, Alert & Automation

November 16 2018
The Most Used Playbook Of 2018 series brings you the production playbooks noted by our professional services team as being most utilized and favored by customer SOCs. These playbooks implement best-practice workflows for alert handling, alert investigation, incident response and automation plans.

Phishing Playbook

80% of recently reported successful attacks began with deceptively simple phishing e-mails. 10% of all SOC alerts relate in some way to phishing attacks. Of these, 80% can be blocked, but these still require many hours of investigation to validate outcomes. That’s why organizations are constantly seeking innovative time-saving solutions. The following phishing playbook presents a consumer-tested workflow for security professionals. 

Playbook Steps Summary

The primary goal is to identify all affected users as soon as possible. We collect evidence of the attack across the whole organization; perform automated analysis of IP, hosts and URLs; and block malicious contacts (including attack sender and URLs). For future prevention of human error, the playbook also automatically sends awareness content to affected users.

* The playbooks demonstrate only the most popular rules 
  that generate the described attack vectors.
* All playbooks are fully customizable to the capabilities 
  and the tools in your SOC.
