Outbound Network Detection and Response
  • 02 Apr 2025


Description

This workflow covers detections of suspicious outbound network patterns. The playbook has four phases:

  • Evidence collection - gather the detection details and the network-related artifacts (IPs, URLs and services) from the Sentinel logs ingested from Palo Alto URL filtering, the Versa web proxy and Cybereason EDR telemetry.

  • Enrichment - enrich the context for the source or destination.

  • Investigation - identify the source process behind the communication, check for other alerts towards the same resource (URL, domain or IP), and check whether the communication was blocked by any of the security products.

  • Response - block IP, block URL.
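The four phases above, run end to end over a handful of constructed, Sentinel-like events. This is an added illustration, not the playbook's own code or any product's schema: the field names, product labels, sample alerts and the reputation table are all assumptions made for the example.

```python
"""Added example: the four playbook phases run over constructed, Sentinel-like
events. Field names, product labels and the reputation table are assumptions
made for illustration; they are not a real log schema."""
from urllib.parse import urlparse

# Constructed sample telemetry (not real logs): one host beaconing to a
# destination that the URL-filtering, proxy and EDR sources all observed.
SAMPLE_EVENTS = [
    {"source": "PaloAltoURLFiltering", "src_ip": "10.1.2.3", "dst_ip": "203.0.113.10",
     "url": "http://bad.example/beacon", "action": "block"},
    {"source": "VersaProxy", "src_ip": "10.1.2.3", "dst_ip": "203.0.113.10",
     "url": "http://bad.example/beacon", "action": "allow"},
    {"source": "VersaProxy", "src_ip": "10.1.2.9", "dst_ip": "203.0.113.10",
     "url": "http://bad.example/beacon", "action": "allow"},
    {"source": "CybereasonEDR", "src_ip": "10.1.2.3", "dst_ip": "203.0.113.10",
     "process": "powershell.exe", "action": "detected"},
    {"source": "CybereasonEDR", "src_ip": "10.1.2.3", "dst_ip": "198.51.100.7",
     "process": "outlook.exe", "action": "allow"},
]

# Constructed prior alerts; the investigation phase looks for others on the same resource.
SAMPLE_ALERTS = [
    {"id": "A-1", "src_ip": "10.1.2.3", "dst_ip": "203.0.113.10", "url": "http://bad.example/beacon"},
    {"id": "A-2", "src_ip": "10.1.2.9", "dst_ip": "203.0.113.10", "url": "http://bad.example/beacon"},
    {"id": "A-3", "src_ip": "10.1.2.3", "dst_ip": "198.51.100.7", "url": None},
]

# Constructed reputation data standing in for a threat-intel lookup (hypothetical).
REPUTATION = {"203.0.113.10": "known-c2", "bad.example": "malicious"}


def collect_evidence(alert, events):
    """Phase 1: every event whose destination IP or URL matches the alert."""
    keys = {alert["dst_ip"], alert.get("url")} - {None}
    return [e for e in events if e.get("dst_ip") in keys or e.get("url") in keys]


def enrich(alert, reputation):
    """Phase 2: reputation of the destination IP and of the URL's host."""
    host = urlparse(alert["url"]).hostname if alert.get("url") else None
    return {
        "dst_ip_reputation": reputation.get(alert["dst_ip"], "unknown"),
        "domain": host,
        "domain_reputation": reputation.get(host, "unknown") if host else "n/a",
    }


def investigate(alert, evidence, alerts):
    """Phase 3: source process, other alerts on the resource, which product blocked or allowed it."""
    return {
        "source_processes": sorted({e["process"] for e in evidence if e.get("process")}),
        "blocked_by": sorted({e["source"] for e in evidence if e["action"] == "block"}),
        "allowed_by": sorted({e["source"] for e in evidence if e["action"] == "allow"}),
        "other_hosts": sorted({e["src_ip"] for e in evidence} - {alert["src_ip"]}),
        "related_alerts": sorted(a["id"] for a in alerts
                                 if a["id"] != alert["id"] and a["dst_ip"] == alert["dst_ip"]),
    }


def respond(alert, enrichment, investigation):
    """Phase 4: block the IP, and block the URL on each product that let it through."""
    hits = {enrichment["dst_ip_reputation"], enrichment["domain_reputation"]} - {"unknown", "n/a"}
    if not hits:
        # No reputation hit: do not block blindly, hand it to an analyst.
        return [("escalate", "no reputation hit; analyst review")]
    actions = [("block_ip", alert["dst_ip"])]
    for product in investigation["allowed_by"]:
        if alert.get("url") and product not in investigation["blocked_by"]:
            actions.append(("block_url", product, alert["url"]))
    return actions


def run_playbook(alert, events=SAMPLE_EVENTS, alerts=SAMPLE_ALERTS, reputation=REPUTATION):
    """Chain the four phases and return everything an analyst would want to see."""
    evidence = collect_evidence(alert, events)
    enrichment = enrich(alert, reputation)
    investigation = investigate(alert, evidence, alerts)
    return {"evidence_count": len(evidence), "enrichment": enrichment,
            "investigation": investigation, "actions": respond(alert, enrichment, investigation)}


if __name__ == "__main__":
    import json
    print(json.dumps(run_playbook(SAMPLE_ALERTS[0]), indent=2))
```

For alert A-1 the run finds the firewall already blocking the URL while the proxy allowed it, so the recommended response is a block of the IP plus a URL block on the proxy only; for A-3, with no reputation hit, it escalates instead of blocking.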

Trigger Request

There is no input for this workflow.

Supported CDC Versions

  • 2.8
