Official Cyber Lancers Playbooks SOC incident response knowledge base
Suspicious Email
EMAIL SECURITY
Playbook Source
Category: TIER 1 - Email Security
Scenario: General Phishing Scenario
Source: Cyber Lancers PVT Ltd
License: Confidential
Version: 1.0.0


Kanban columns: Detect, Analyze, Contain / Eradicate, Recover, Post Incident
PHISH-001 HIGH

Initial Triage & Risk Assessment

Kanban Column: Detect
IR Phase: Detect
Ownership: L1 Analyst
Estimated Time (ETR): 15 mins
MITRE ATT&CK: Initial Access (T1566) | NIST Framework: ID.AM
Current Manual Analyst Action: Analyst manually searches indices inside SIEM dashboard for matching addresses.
Shuffle / Wazuh Automation Potential: Shuffle workflow queries EDR agent manager to scan endpoint and auto-populate logs.

Threat actors rotate domains dynamically. Monitor for look-alike characters (homoglyphs) and check domain creation dates. Update this checker if attackers leverage specific top-level domains.
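
One way to script the check described above, as an added example that is not part of the Cyber Lancers playbook: it reduces a sender domain to a comparison form (punycode decoded, look-alike characters mapped) and flags look-alikes, watched TLDs and recent registrations. The protected-domain list, watched TLDs, 30-day threshold, confusables map and function names are assumptions, and the creation date is expected from a WHOIS/RDAP lookup done elsewhere.

```python
import unicodedata
from datetime import date

# Assumed values, not from the playbook: tune per organisation.
PROTECTED = {"example.com"}          # domains worth impersonating
WATCHED_TLDS = {"zip", "top"}        # extend when a campaign favours a TLD
MIN_AGE_DAYS = 30                    # younger registrations are flagged
# Constructed look-alike map (Cyrillic letters and digits); not a full confusables table.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0456": "i", "0": "o", "1": "l", "3": "e", "5": "s",
})


def skeleton(domain):
    """Comparison form: decode punycode labels, fold case, map look-alike characters."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: compare the raw label
        labels.append(label)
    text = unicodedata.normalize("NFKC", ".".join(labels)).translate(CONFUSABLES)
    return text.replace("rn", "m").replace("vv", "w")


def triage_sender_domain(domain, created, today):
    """Return findings for one sender domain; created is a date or None if unknown."""
    plain = domain.lower().rstrip(".")
    skel, findings = skeleton(plain), []
    for brand in sorted(PROTECTED):
        genuine = plain == brand or plain.endswith("." + brand)
        brand_skel = skeleton(brand)
        if not genuine and (skel == brand_skel or skel.endswith("." + brand_skel)):
            findings.append(f"look-alike of {brand}")
    if plain.rsplit(".", 1)[-1] in WATCHED_TLDS:
        findings.append("watched TLD")
    if created is None:
        findings.append("creation date unknown")
    elif (today - created).days < MIN_AGE_DAYS:
        findings.append(f"registered {(today - created).days} days ago")
    return findings


if __name__ == "__main__":
    today = date(2024, 6, 1)  # constructed samples below
    for dom, made in [("examp1e.com", date(2024, 5, 28)), ("invoice.zip", None)]:
        print(dom, triage_sender_domain(dom, made, today))
```

An empty list means none of the three checks fired; it is a triage signal for the L1 analyst, not a verdict on the message.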