SOAR Use Case: Hunting Phish Kits

When investigating and responding to phishing attacks, a security orchestration, automation and response (SOAR) platform, like Swimlane, is the perfect solution to easily correlate, enrich and respond to such attacks. As part of a typical investigation, Swimlane provides use cases that automate searching for and removing these messages from users' mailboxes and enrich them with data from several OSINT and threat intelligence services. But for better protection, it’s important to take your response to phishing a step further.

In this on-demand webinar, Swimlane’s Josh Rickard and Jay Spann walk you through a new use case that proactively gathers critical information to help your organization establish TTPs (Tactics, Techniques, and Procedures) used by these malicious actors. By gathering these TTPs, we gain insight into who is attacking us, how they are attacking us, and their goals.

Key takeaways include:

  1. How to automate your phishing defense response process.
  2. How proactive phishing defense enables your security team to respond accordingly.
  3. An overview of the structure of a “phishing kit” and key elements to track to build rich phishing intelligence.