The Most Used Playbook Of 2017 series brings you the production playbooks noted by our professional services team as being most utilized and favored by customer SOCs.These playbooks implement best practice workflows for alert handling, alerts investigation, incident response and automation plans.

Phishing attacks

Phishing Playbook

80% of recently reported successful attacks began with deceptively simple phishing e-mails. 10% of all SOC alerts relate in some way to phishing attacks. Of these, 80% can be blocked, but these still require many hours of investigation to validate outcomes. That’s why organizations are constantly seeking innovative time-saving solutions. The following phishing playbook presents a consumer-tested workflow for security professionals.

Playbook Steps Summary

The primary goal is to identify all affected users as soon as possible. We collect evidence of the attack across the whole organization; perform automated analysis of IP, hosts and URLs; and block malicious contacts (including attack sender and URLs). For future prevention of human error, the playbook also automatically sends awareness content to affected users.

Notes:
* The playbooks demonstrate only the most popular rules
that generate the described attack vectors.
* All playbooks are fully customizable to the capabilities
and the tools in your SOC.