SOAR Incident Response Playbook
An automated IR playbook that takes a phishing report from alert to triaged in one flow instead of a dozen manual steps.
- SOAR
- Proofpoint
- Microsoft Defender
- Automation
01 / Gap: The manual phishing runbook
A reported phish kicks off the same dozen steps every time: pull the message, detonate the links, check who else received it, scope the blast radius, contain. Done by hand, it’s slow and inconsistent across analysts.
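As an illustration of the first steps of that runbook run as one flow, the sketch below parses a reported message into indicators and scopes recipients against a message trace. It is an added example, not the playbook's own code. The sample message, the trace rows and their field names (`rcpt`, `sender`, `subject`, `status`) are constructed assumptions; link detonation and containment are left out because they depend on the sandbox and mail platform in use.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample of a user-reported message (not real data).
REPORTED = """\
From: "IT Support" <helpdesk@example-support.test>
To: alice@corp.example
Subject: Password expires today
Content-Type: text/plain

Reset now: http://login.example-support.test/reset?u=alice
Mirror: http://login.example-support.test/reset?u=alice.
"""

# Constructed message-trace rows; real field names depend on the mail gateway.
TRACE = [
    {"rcpt": "alice@corp.example", "sender": "helpdesk@example-support.test",
     "subject": "Password expires today", "status": "delivered"},
    {"rcpt": "bob@corp.example", "sender": "helpdesk@example-support.test",
     "subject": "Password expires today", "status": "delivered"},
    {"rcpt": "carol@corp.example", "sender": "helpdesk@example-support.test",
     "subject": "Password expires today", "status": "quarantined"},
    {"rcpt": "dave@corp.example", "sender": "news@vendor.example",
     "subject": "Monthly update", "status": "delivered"},
]

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def extract_indicators(raw):
    """Pull the message: reduce it to the fields the later steps pivot on."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    # Deduplicate links and drop trailing sentence punctuation.
    urls = sorted({u.rstrip(".,);") for u in URL_RE.findall(text)})
    return {"sender": parseaddr(msg["From"])[1].lower(),
            "subject": str(msg["Subject"]).strip(), "urls": urls}

def scope_recipients(ind, trace):
    """Who else received it, and which copies actually reached an inbox."""
    hits = [r for r in trace if r["sender"].lower() == ind["sender"]
            or r["subject"].strip() == ind["subject"]]
    delivered = sorted(r["rcpt"] for r in hits if r["status"] == "delivered")
    return {"total": len(hits), "delivered": delivered}

def triage(raw, trace):
    """One flow: indicators plus the mailboxes that are containment candidates."""
    ind = extract_indicators(raw)
    return {**ind, **scope_recipients(ind, trace)}
```

Calling `triage(REPORTED, TRACE)` returns the sender, subject, unique links, the number of matching trace rows and the mailboxes where a copy was delivered.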
Full writeup in progress.