SecOps use cases library

Create a Microsoft Sentinel Subscription for Every New Alert

Scheduled Subdomains Enumeration and SSL Certificate Scans

Unlock Local User Accounts on Devices Managed by Jamf Pro

Automatically Monitor Employees' Received Emails to Detect Threats

Continuous Network Threat Hunting using Darktrace and Remediation in CrowdStrike

Suspicious Login Detection and Remediation in Google Workspace

Automatically Perform Shodan Queries to Identify Network Misconfigurations

Automated Network Mapping & Security Scans with Shodan

Investigate Devices' Current DNS Resolver with Jamf Pro and Slack

Delete All Access Tokens and Signout a User with Google Admin Directory

Automate Google User Impersonation with IAM & OAuth

Ingest notifications from ESET Protect and trigger remediation

Automated Threat Detection and Remediation with ESET Protect and Slack Notifications

Perform weekly scans on quarantined objects on ESET

Proactive Monitoring and Automated Remediation of Suspicious File Downloads in Google Drive

Continuous Network Vulnerability Monitoring

Automated Malicious Email Detection and Remediation with Threat Exchange

Automated Cloud Security and User Account Management with Microsoft Teams

Streamline Noname Security issue and evidence processing in Splunk

Streamline Incident Response with VMware Carbon Black, PagerDuty, VirusTotal, and Jira

Enhance Email Security: Automated Domain Scanning, Breach Detection & Password Resets

Automate email security with UrlScan, VirusTotal & Slack for threat detection

Streamlined temporary access management in AWS IAM and AWS SSO from Slack

Automated Phishing Email Analysis and Risk Assessment with Multi-Tool Security Integration

Monitor and remediate file and media uploads on company cloud storage

Send an unknown IOC to Recorded Future for Analysis

Automate email threat detection and analysis with Slack, VirusTotal, and EmailRep

Automate scheduled device compliance evidence reporting with Jamf Pro and Drata

Remediate unusual login alerts from a SIEM system with Slack and Google Admin

Automate vulnerability data transfer from CrowdStrike Falcon Spotlight to Drata

Revoke Okta session following a Panther Event

Remediate unusual Google Admin login events through Panther alerts

Automatically analyze and remediate forwarded email attachments using GLIMPS

Analyze and Remediate Files Uploaded on Google Drive with GLIMPS

Automated Computer Restart and Status Tracking with Check Point Harmony Endpoint

Automated Token Retrieval and API Session Initialization for Check Point Harmony Endpoint

Automated Device Containment and Incident Tracking with CrowdStrike Falcon Overwatch and Jira

Terminate Active Malicious Processes in CrowdStrike with Slack Notifications

Automate 2FA Compliance Checks, Enforcement, and Reporting for Users in Acronis

Monitor, Enrich, and Remediate Honeytoken Triggers on GitGuardian

Check leaked password with Digital Shadows

Automated Analysis of Phishing Emails, URLs, and Attachments Using VirusTotal, URLScan.io, and emailrep.io

Automated Scanning and Reporting of Open Ports Using Shodan and Slack

Automated URL Threat Analysis and Incident Ticket Creation Using VirusTotal and Freshservice

Correlate and Alert on Multiple Failed Okta Logins via Slack for Enhanced Security Monitoring

Automated IP Address Verification and Remediation Using Google Sheets, VirusTotal, Jamf, and Slack

WordPress admin unknown IP address alert

HaveIBeenPwned Scan and Trigger Password Change in Google Admin Directory

Force Password Reset in Azure Active Directory Upon Detection of Compromised Credentials

Automated File Sharing Monitoring and Notification for Access Changes in Google Drive

Automated Domain Blocking in FireEye Endpoint Security for Enhanced Threat Response

Automated Web Extension Blocklist Management with JAMF Pro and Slack

Comprehensive Multi-Platform Identity Enrichment and Risk Analysis

Role creation or suspension in CrowdStrike

Search & update notable status in Splunk Enterprise Security

Handle False Positive Alerts in AWS IAM with an AI Agent

Detection and Management of CISA Vulnerabilities Using Tenable, Jira, and Microsoft Teams

Automated URLBlockList Updates by JAMF Pro

Retrieve overly permissive Google Cloud firewall rules with Wiz

Real-Time Email Anomaly Monitoring and Alerting with Google Pub/Sub and Slack Integration

Monitor Google Drive Activities for Access Changes, Downloads, and Deletions

Domain MX Records and IP Reputation Analysis with Slack Reporting

Automated Spam Detection and Removal in Office 365 Mailboxes

Discovery and Reporting of New Threats from MITRE TAXII Server to Slack

Verify Hashicorp Vault cluster health

Query Shodan for findings and alert on them using Slack and Jira

Email attachment threat analysis and triage with Material Security and VirusTotal

Crowdstrike Detection Analysis with VirusTotal and Incident Reporting in Jira and Microsoft Teams

Automated Real Time Threat Response with CrowdStrike Falcon

Analyze Email Headers for IP Reputation and Spoofing Detection

Fetch Microsoft Defender alerts and create a ticket in Jira

Automated external email in-depth analysis with VirusTotal, Urlscan and AbuseIPDB

Automate PaloAlto FireWall upgrade

Detection and Remediation of Malware in Network Environments Using Wiz, SentinelOne, and Jira

Monitoring and Management of Security Advisories Using Palo Alto ATP and Jira

Comprehensive Email Threat Detection and Response

Triage of Email Attachments for Enhanced Security Using Material Security and VirusTotal

Continuous Security Monitoring for BitWarden Using Mindflow AI Agent

Enrich CrowdStrike incidents with VirusTotal & send to TheHive

Detect & remediate public AWS S3 buckets with JupiterOne

Automate background check tracking and evidence upload for compliance in Drata

Respond to a CrowdStrike detection in ServiceNow

Monitor large downloads by employees in Netskope and create Jira issues

Email Header and Body Analysis for Phishing Attempt

Ticket enrichment from a Sekoia Alert

Analyze email attachments with VirusTotal

Streamline Okta Sign-In Monitoring and Slack-PagerDuty Response Mechanism

Crowdstrike Alert Analysis and Jira Ticketing for Enhanced Security Incident Response

Create a security incident in Airtable

Investigate unresolved SentinelOne threats

Automated Security Alert and Vulnerability Information Management with Qualys

AWS GuardDuty Analysis and Automated Jira Alert Management with IAM & EC2

Logz.io Event Capture and Jira Ticketing Integration for Efficient Monitoring

Enrich WAF Alerts with GreyNoise

Security Alert Management in GitHub from Elastic SIEM Notifications

Add a domain to a blocklist in Zscaler

Isolate & remediate AWS EC2 instance based on IOC

Create an IP enrichment API

Enrich & remediate suspicious logins reported in Okta

Automated Remediation of PagerDuty Incident Alerts

Filter Hunters.ai alerts by risk level and create Jira ticket via slack

Automated Notification of Open Tickets in TheHive to Users

Security Alert Analysis with Crowdstrike, Lacework, and ChatGPT

Query Log Analytics for Azure Sentinel alerts using KQL statements

Analyze IP via Slack with VirusTotal and IPInfo

Send an MFA push challenge to an Okta user on-demand

Automating Log Transfer from Google Workspace to Elastic

Discover leaked email passwords and personal information with Recorded Future

URLhaus URLs auto-update to Cisco Umbrella Deny List

Automating Monitoring and Dynamic Blocking of IOCs from US-CERT Feed

Discover and monitor unmanaged devices using Axonius

Automating Threat Detection in AWS GuardDuty with URLScan and Jira

Automated ServiceNow Incident Resolution Sync with CrowdStrike Detections

Automated Jamf Device Compliance Checks with CrowdStrike

Bulk Geo-lookup of IP Addresses Using Really Free Geo IP and Integration for Reporting

Automated IP Reputation Analysis in Snowflake with AbuseIPDB and VirusTotal

Automating IP Threat Detection and Notification with VirusTotal

Automated IP Analysis and Reporting with GreyNoise and Jira

Enrich IPs with VirusTotal Enterprise

Automated OCR Fraud Analysis and Zendesk Ticketing

Automated Compliance Reporting with Drata and Slack

Automated domain breach detection with HaveIBeenPwned in Google Admin Directory

Automated IOC Management and Response in Slack with Crowdstrike

Automating URL Allowlisting with Urlscan.io and Zscaler

Analyze files in Hybrid Analysis

Automate PII Anonymization and AI Responses in Slack with AWS Comprehend and OpenAI

Automate Device Locking and Phishing Alerts with AI Agents in CrowdStrike

Automated Cloud Resources Change Monitoring & Security Alerts

Automated Persistent Software Monitoring with Jamf Pro, Google Sheets & Slack

Automated employee offboarding using Google Admin, Okta, Bitwarden, Slack, HubSpot, and GitHub

Weekly Automatic Signout and Cookie Reset for All Google Workspace Users

Automated Google Workspace 2FA Management via Slack

Delete inactive mobile devices from Google Workspace

Monitor Sent Emails in Google Workspace Using Admin Directory and Gmail

Automated Jira Ticket Creation and Alert Assignment with Notifications via Microsoft Teams

Onboard employees & grant specialized access to specific tools

Automated PagerDuty Incident Management with ServiceNow

Investigate Suspicious Office 365 Logins and Ticketing with ElasticSearch and Zendesk

Automating Azure User Session Expiry and Password Resets via Microsoft Graph

Automated Domain Security Analysis with URLScan, VirusTotal, and URLhaus

Monitor, notify, and remediate secret incidents on GitGuardian

Automate CSPM Threat Response with Lacework, Jira, and AWS

AWS Cloud Security Management with Investigation and Remediation of Lacework Alerts

Detection and Management of Inactive Google Cloud Service Accounts Using Wiz and Jira

Find & remediate publicly exposed S3 buckets with Wiz