Security Operations

Automating Response to Suspicious Process Executions

This playbook automates the investigation and response to suspicious process executions triggered by a scheduled task.
Mar 20, 2025

Automated Rapid Response to Suspicious Remote Scheduled Task Creation

This playbook automates the identification and remediation of persistent threats that leverage scheduled tasks to execute malicious payloads across endpoints.
Mar 13, 2025

Automating Response to Suspicious SaaS Access From a Tor Exit Node

This playbook shows how a SecOps team can use Cortex XSIAM to automate and speed response to suspicious SaaS access alerts involving a Tor exit node.
Mar 06, 2025

Automating Response to Credential Dumping Attacks

Automated playbook designed to detect, contain and remediate credential dumping activity.
Feb 27, 2025
