SecOps use cases library

Our featured SecOps use cases:

Create a Microsoft Sentinel Subscription for Every New Alert
Incident Management
Alerts and Notifications

Scheduled Subdomains Enumeration and SSL Certificate Scans
Vulnerability Management
Network Security

Unlock Local User Accounts on Devices Managed by Jamf Pro
Device Monitoring
Endpoint Protection

Automatically Monitor Employees' Received Emails to Detect Threats
Email Security
IP Analysis

Continuous Network Threat Hunting using Darktrace and Remediation in CrowdStrike
Network Security
Threat Detection

Suspicious Login Detection and Remediation in Google Workspace
Cloud Security
IAM

Automatically Perform Shodan Queries to Identify Network Misconfigurations
Network Security
Incident analysis

Automated Network Mapping & Security Scans with Shodan
Network Security
Endpoint Protection

Investigate Devices' Current DNS Resolver with Jamf Pro and Slack
Endpoint Protection
Device Monitoring
Network Security

Delete All Access Tokens and Sign Out a User with Google Admin Directory
Offboarding
Incident Management
IAM

Automate Google User Impersonation with IAM & OAuth
IAM

Ingest notifications from ESET Protect and trigger remediation
Remediation
Incident Management

Automated Threat Detection and Remediation with ESET Protect and Slack Notifications
Incident Management
Threat Detection
Remediation

Perform weekly scans on quarantined objects on ESET
Threat Detection
Threat Analysis

Proactive Monitoring and Automated Remediation of Suspicious File Downloads in Google Drive
Data Security
Cloud Security

Continuous Network Vulnerability Monitoring
Network Security
Threat Detection

Automated Malicious Email Detection and Remediation with Threat Exchange
Threat Detection
Incident Management

Automated Cloud Security and User Account Management with Microsoft Teams
Data Security

Streamline Noname Security issue and evidence processing in Splunk
Incident Management
Incident analysis

Streamline Incident Response with VMware Carbon Black, PagerDuty, VirusTotal, and Jira
Endpoint Protection

Enhance Email Security: Automated Domain Scanning, Breach Detection & Password Resets
Email Security
Endpoint Protection

Automate email security with UrlScan, VirusTotal & Slack for threat detection
Email Security
Endpoint Protection

Streamlined temporary access management in AWS IAM and AWS SSO from Slack
IAM

Automated Phishing Email Analysis and Risk Assessment with Multi-Tool Security Integration
Phishing
Email Security
Threat Detection

Monitor and remediate file and media uploads on company cloud storage
Cloud Security
Cloud Management

Send an unknown IOC to Recorded Future for Analysis
Incident analysis
Threat Detection
Endpoint Protection

Automate email threat detection and analysis with Slack, VirusTotal, and EmailRep
Email Security
Endpoint Protection
Threat Analysis

Automate scheduled device compliance evidence reporting with Jamf Pro and Drata
Compliance

Remediate unusual login alerts from a SIEM system with Slack and Google Admin
Alerts and Notifications
Incident Management

Automate vulnerability data transfer from CrowdStrike Falcon Spotlight to Drata
Incident Management
Compliance
Enrichment

Revoke Okta session following a Panther Event
IAM
Incident Management

Remediate unusual Google Admin login events through Panther alerts
IAM
Endpoint Protection

Automatically analyze and remediate forwarded email attachments using GLIMPS
Threat Detection
Email Security

Analyze and Remediate Files Uploaded on Google Drive with GLIMPS
Threat Detection
Remediation

Automated Computer Restart and Status Tracking with Check Point Harmony Endpoint
Device Monitoring
Endpoint Protection

Automated Token Retrieval and API Session Initialization for Check Point Harmony Endpoint
IAM
Alerts and Notifications

Automated Device Containment and Incident Tracking with CrowdStrike Falcon Overwatch and Jira
Endpoint Protection
Incident Management
Remediation

Terminate Active Malicious Processes in CrowdStrike with Slack Notifications
Threat Detection
Incident Management

Automate 2FA Compliance Checks, Enforcement, and Reporting for Users in Acronis
Compliance
Endpoint Protection

Monitor, Enrich, and Remediate Honeytoken Triggers on GitGuardian
Incident Management
Cloud Security
Alerts and Notifications

Check leaked password with Digital Shadows
Threat Detection

Automated Analysis of Phishing Emails, URLs, and Attachments Using VirusTotal, URLScan.io, and emailrep.io
Email Security
Phishing

Automated Scanning and Reporting of Open Ports Using Shodan and Slack
Threat Detection
Incident Management

Automated URL Threat Analysis and Incident Ticket Creation Using VirusTotal and Freshservice
Threat Analysis
Ticketing
Incident Management

Correlate and Alert on Multiple Failed Okta Logins via Slack for Enhanced Security Monitoring
Threat Detection

Automated IP Address Verification and Remediation Using Google Sheets, VirusTotal, Jamf, and Slack
Threat Analysis

WordPress admin unknown IP address alert
Threat Analysis

HaveIBeenPwned Scan and Trigger Password Change in Google Admin Directory
IAM
Endpoint Protection

Force Password Reset in Azure Active Directory Upon Detection of Compromised Credentials
IAM
Endpoint Protection

Automated File Sharing Monitoring and Notification for Access Changes in Google Drive
IAM
Data Security

Automated Domain Blocking in FireEye Endpoint Security for Enhanced Threat Response
Domain Analysis
Endpoint Protection

Automated Web Extension Blocklist Management with Jamf Pro and Slack
Device Monitoring
Endpoint Protection

Comprehensive Multi-Platform Identity Enrichment and Risk Analysis
IAM
Enrichment

Role creation or suspension in CrowdStrike
Onboarding
Offboarding

Search & update notable status in Splunk Enterprise Security
Incident Management

Handle False Positive Alerts in AWS IAM with an AI Agent
Triage
Alerts and Notifications
Incident Management

Detection and Management of CISA Vulnerabilities Using Tenable, Jira, and Microsoft Teams
Threat Detection
Incident Management

Automated URLBlockList Updates by Jamf Pro
Incident Management
IP Analysis

Retrieve overly permissive Google Cloud firewall rules with Wiz
Cloud Security

Real-Time Email Anomaly Monitoring and Alerting with Google Pub/Sub and Slack Integration
Threat Detection

Monitor Google Drive Activities for Access Changes, Downloads, and Deletions
Email Security
Threat Detection

Domain MX Records and IP Reputation Analysis with Slack Reporting
Threat Analysis
Email Security

Automated Spam Detection and Removal in Office 365 Mailboxes
Email Security

Discovery and Reporting of New Threats from MITRE TAXII Server to Slack
Alerts and Notifications
Threat Detection

Verify HashiCorp Vault cluster health
Threat Detection

Query Shodan for findings and alert on them using Slack and Jira
Threat Detection
Alerts and Notifications

Email attachment threat analysis and triage with Material Security and VirusTotal
Triage
Email Security

CrowdStrike Detection Analysis with VirusTotal and Incident Reporting in Jira and Microsoft Teams
Threat Detection
Threat Analysis

Automated Real Time Threat Response with CrowdStrike Falcon
Threat Detection
Remediation

Analyze Email Headers for IP Reputation and Spoofing Detection
Email Security

Fetch Microsoft Defender alerts and create a ticket in Jira
Ticketing
Incident analysis

Automated external email in-depth analysis with VirusTotal, Urlscan and AbuseIPDB
Email Security
Threat Detection

Automate Palo Alto firewall upgrade
Device Monitoring
Endpoint Protection

Detection and Remediation of Malware in Network Environments Using Wiz, SentinelOne, and Jira
Threat Detection
Remediation

Monitoring and Management of Security Advisories Using Palo Alto ATP and Jira
Threat Detection

Comprehensive Email Threat Detection and Response
Email Security
Threat Detection

Triage of Email Attachments for Enhanced Security Using Material Security and VirusTotal
Email Security

Continuous Security Monitoring for BitWarden Using Mindflow AI Agent
IAM

Enrich CrowdStrike incidents with VirusTotal & send to TheHive
Enrichment
Endpoint Protection

Detect & remediate public AWS S3 buckets with JupiterOne
Cloud Security
Threat Analysis

Automate background check tracking and evidence upload for compliance in Drata
Compliance

Respond to a CrowdStrike detection in ServiceNow
Enrichment
Remediation
Incident analysis

Monitor large downloads by employees in Netskope and create Jira issues
Data Security
Cloud Security

Email Header and Body Analysis for Phishing Attempt
Email Security
IP Analysis

Ticket enrichment from a Sekoia Alert
Endpoint Protection

Analyze email attachments with VirusTotal
Email Security

Streamline Okta Sign-In Monitoring and Slack-PagerDuty Response Mechanism
Incident analysis

CrowdStrike Alert Analysis and Jira Ticketing for Enhanced Security Incident Response
Incident analysis

Create a security incident in Airtable
Incident analysis

Investigate unresolved SentinelOne threats
Incident analysis

Automated Security Alert and Vulnerability Information Management with Qualys
Incident analysis

AWS GuardDuty Analysis and Automated Jira Alert Management with IAM & EC2
Incident analysis
Remediation

Logz.io Event Capture and Jira Ticketing Integration for Efficient Monitoring
Incident analysis
Alerts and Notifications

Enrich WAF Alerts with GreyNoise
Incident analysis
Alerts and Notifications

Security Alert Management in GitHub from Elastic SIEM Notifications
Incident analysis
Alerts and Notifications

Add a domain to a blocklist in Zscaler
Remediation

Isolate & remediate AWS EC2 instance based on IOC
Remediation
Triage

Create an IP enrichment API
Enrichment

Enrich & remediate suspicious logins reported in Okta
Enrichment
Remediation

Automated Remediation of PagerDuty Incident Alerts
Alerts and Notifications
Remediation

Filter Hunters.ai alerts by risk level and create Jira ticket via Slack
Alerts and Notifications
Triage
Incident analysis

Automated Notification of Open Tickets in TheHive to Users
Alerts and Notifications
Ticketing

Security Alert Analysis with CrowdStrike, Lacework, and ChatGPT
Alerts and Notifications
Threat Analysis

Query Log Analytics for Azure Sentinel alerts using KQL statements
Alerts and Notifications
Data Analysis

Analyze IP via Slack with VirusTotal and IPInfo
Triage
Enrichment
Threat Analysis

Send an MFA push challenge to an Okta user on-demand
Email Security
IAM

Automating Log Transfer from Google Workspace to Elastic
Email Security
Productivity

Discover leaked email passwords and personal information with Recorded Future
Email Security
Endpoint Protection

URLhaus URLs auto-update to Cisco Umbrella Deny List
Threat Analysis
Incident analysis

Automating Monitoring and Dynamic Blocking of IOCs from US-CERT Feed
Threat Analysis
Remediation

Discover and monitor unmanaged devices using Axonius
Threat Analysis
Device Monitoring

Automating Threat Detection in AWS GuardDuty with URLScan and Jira
Threat Analysis
Threat Detection
Incident analysis

Automated ServiceNow Incident Resolution Sync with CrowdStrike Detections
Threat Analysis
Incident Management

Automated Jamf Device Compliance Checks with CrowdStrike
Device Monitoring
Endpoint Protection
Threat Detection

Bulk Geo-lookup of IP Addresses Using Really Free Geo IP and Integration for Reporting
IP Analysis

Automated IP Reputation Analysis in Snowflake with AbuseIPDB and VirusTotal
IP Analysis
Threat Analysis

Automating IP Threat Detection and Notification with VirusTotal
IP Analysis
Threat Analysis
Threat Detection

Automated IP Analysis and Reporting with GreyNoise and Jira
IP Analysis
Threat Detection

Enrich IPs with VirusTotal Enterprise
IP Analysis
Network Security

Automated OCR Fraud Analysis and Zendesk Ticketing
Threat Detection
Incident analysis

Automated Compliance Reporting with Drata and Slack
SOC
Compliance

Automated domain breach detection with HaveIBeenPwned in Google Admin Directory
Incident Management
Threat Detection
Remediation

Automated IOC Management and Response in Slack with CrowdStrike
Incident Management
Threat Detection
Threat Analysis

Automating URL Allowlisting with Urlscan.io and Zscaler
Endpoint Protection
IP Analysis
Domain Analysis

Analyze files in Hybrid Analysis
Endpoint Protection
Threat Detection
Threat Analysis

Automate PII Anonymization and AI Responses in Slack with AWS Comprehend and OpenAI
Compliance
Data Security

Automate Device Locking and Phishing Alerts with AI Agents in CrowdStrike
Device Monitoring
Endpoint Protection

Automated Cloud Resources Change Monitoring & Security Alerts
Cloud Security
Incident Management

Automated Persistent Software Monitoring with Jamf Pro, Google Sheets & Slack
Device Monitoring
Endpoint Protection

Automated employee offboarding using Google Admin, Okta, Bitwarden, Slack, HubSpot, and GitHub
Offboarding
IAM

Weekly Automatic Sign-Out and Cookie Reset for All Google Workspace Users
IAM

Automated Google Workspace 2FA Management via Slack
Incident Management

Delete inactive mobile devices from Google Workspace
IAM
Device Monitoring

Monitor Sent Emails in Google Workspace Using Admin Directory and Gmail
Email Security
Threat Analysis

Automated Jira Ticket Creation and Alert Assignment with Notifications via Microsoft Teams
Ticketing
Alerts and Notifications

Onboard employees & grant specialized access to specific tools
Onboarding
IAM

Automated PagerDuty Incident Management with ServiceNow
Alerts and Notifications
Incident analysis

Investigate Suspicious Office 365 Logins and Ticketing with Elasticsearch and Zendesk
Alerts and Notifications
Enrichment
Incident analysis

Automating Azure User Session Expiry and Password Resets via Microsoft Graph
IAM
Data Security
Device Monitoring

Automated Domain Security Analysis with URLScan, VirusTotal, and URLhaus
Domain Analysis
IP Analysis

Monitor, notify, and remediate secret incidents on GitGuardian
Remediation
Alerts and Notifications

Automate CSPM Threat Response with Lacework, Jira, and AWS
Cloud Security
Endpoint Protection

AWS Cloud Security Management with Investigation and Remediation of Lacework Alerts
Cloud Security
Remediation
Threat Detection

Detection and Management of Inactive Google Cloud Service Accounts Using Wiz and Jira
Threat Detection
Cloud Security

Find & remediate publicly exposed S3 buckets with Wiz
Cloud Security