Potential Phishing Incident Analysis
When a phishing attempt is reported to the SOC, D3 can trigger an automated phishing playbook that parses out the elements of the email, including potentially malicious URLs. The URLs are then checked against Google Safe Browsing. Other indicators are checked against third-party threat intelligence, Chronicle data, the MITRE ATT&CK Matrix, and historical incident data. If the email is confirmed as a genuine incident, D3 can then orchestrate the appropriate response actions across Gmail and other integrated tools.