The Powershell Payload Response playbook is designed to be used when file payload executions are detected from an endpoint machines Powershell and begins the remediation process.
Malware Lateral Movement Assessment and Response
- Details
- Content
- Dependencies
- Version History
This playbook identifies and remediates malware's lateral movement impact due to a phishing campaign in an organization.
Playbooks
| Name | Description |
|---|---|
| Powershell Payload Response |
Playbooks
| Name | Description |
|---|---|
| Powershell Payload Response | The Powershell Payload Response playbook is designed to be used when file payload executions are detected from an endpoint machines Powershell and begins the remediation process. |
Required Content Packs (7)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
| ServiceNow | By: Cortex XSOAR |
| Splunk | By: Cortex XSOAR |
| Carbon Black Endpoint Standard | By: Cortex XSOAR |
| Carbon Black Cloud Enterprise EDR | By: Cortex XSOAR |
| Common Playbooks | By: Cortex XSOAR |
| Common Scripts | By: Cortex XSOAR |
Optional Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Phishing | By: Cortex XSOAR |
All level dependencies (15)
| Pack Name | Pack By |
|---|---|
| Common Scripts | By: Cortex XSOAR |
| Identity | By: Cortex XSOAR |
| Asset | By: Cortex XSOAR |
| Cortex REST API | By: Cortex XSOAR |
| MITRE ATT&CK | By: Cortex XSOAR |
| Filters And Transformers | By: Cortex XSOAR |
| ServiceNow | By: Cortex XSOAR |
| Common Playbooks | By: Cortex XSOAR |
| Common Types | By: Cortex XSOAR |
| Rasterize | By: Cortex XSOAR |
| Malware Core | By: Cortex XSOAR |
| Splunk | By: Cortex XSOAR |
| Carbon Black Endpoint Standard | By: Cortex XSOAR |
| Access Investigation | By: Cortex XSOAR |
| Carbon Black Cloud Enterprise EDR | By: Cortex XSOAR |
1.0.0 - 4709247 (February 17, 2021)
This playbook identifies and remediates malware's lateral movement impact due to a phishing campaign in an organization.
This playbook takes the hosts and attachments with the phishing email and then 1. It scans at the endpoint on which the phishing link was clicked and takes action to resolve any C&C activity and 2. It retroactively scans the logging history to identify lateral movement and quartines or resolve the traffic communication from those hosts
PUBLISHER
Accenture
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Supported By | Community | |
| Created | February 17, 2021 | |
| Last Release | March 1, 2023 |
Malware
WORKS WITH THE FOLLOWING INTEGRATIONS:
