Malware Lateral Movement Assessment and Response

Details
Content
Dependencies
Version History

This playbook identifies and remediates malware's lateral movement impact due to a phishing campaign in an organization. This playbook takes the hosts and attachments with the phishing email and then 1. It scans at the endpoint on which the phishing link was clicked and takes action to resolve any C&C activity and 2. It retroactively scans the logging history to identify lateral movement and quartines or resolve the traffic communication from those hosts

Playbooks

Name	Description
Powershell Payload Response	The Powershell Payload Response playbook is designed to be used when file payload executions are detected from an endpoint machines Powershell and begins the remediation process.

Playbooks

Name	Description
Powershell Payload Response	The Powershell Payload Response playbook is designed to be used when file payload executions are detected from an endpoint machines Powershell and begins the remediation process.

Required Content Packs (7)

Pack Name	Pack By
Common Scripts	By: Cortex XSOAR
Splunk	By: Cortex XSOAR
ServiceNow	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Carbon Black Cloud Enterprise EDR	By: Cortex XSOAR
Carbon Black Endpoint Standard	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Phishing	By: Cortex XSOAR

All level dependencies (35)

Pack Name	Pack By
Image OCR	By: Cortex XSOAR
Kenna	By: Cortex XSOAR
VirusTotal - Private API (Deprecated)	By: VirusTotal
Check Point Firewall	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Cisco Firepower	By: Cortex XSOAR
Active Directory Query	By: Cortex XSOAR
Cisco Umbrella Investigate	By: Cortex XSOAR
Cisco ASA	By: Cortex XSOAR
F5 Silverline	By: Cortex XSOAR
VulnDB	By: Cortex XSOAR
MITRE ATT&CK	By: Cortex XSOAR
Sophos XG Firewall	By: Cortex XSOAR
Google Maps	By: Cortex XSOAR
Cisco Secure Cloud Analytics (Stealthwatch Cloud)	By: Cortex XSOAR
CVE Search	By: Cortex XSOAR
Zscaler Internet Access	By: Cortex XSOAR
Rapid7 InsightVM	By: Cortex XSOAR
Carbon Black Endpoint Standard	By: Cortex XSOAR
ThreatX	By: Cortex XSOAR
Akamai WAF	By: Cortex XSOAR
FortiGate	By: Cortex XSOAR
ServiceNow	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Signal Sciences WAF	By: Cortex XSOAR
PAN-OS by Palo Alto Networks	By: Cortex XSOAR
Remote Access	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Splunk	By: Cortex XSOAR
Slack	By: Cortex XSOAR
CrowdStrike Falcon Intelligence Sandbox	By: Cortex XSOAR
Cylance Protect	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
ARIAPacketIntelligence	By: ARIA Cybersecurity Solutions
Carbon Black Cloud Enterprise EDR	By: Cortex XSOAR

PUBLISHER

Accenture

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	February 17, 2021
Last Release	February 17, 2021

Malware

WORKS WITH THE FOLLOWING INTEGRATIONS:

VMware Carbon Black Endpoint Standard (Deprecated)

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.