When a potential phishing email is detected, Smart SOAR extracts all of its elements for analysis, including the URL of every link in the message. Each element is checked against threat intelligence and historical incident data and given a risk score. If any URLs are found to be malicious, Smart SOAR can blacklist them in Zscaler directly from the automated playbook. The playbook also orchestrates any other necessary tasks across the security infrastructure, such as blocking the sender's domain, deleting the email from inboxes, and scanning for any other affected endpoints.
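The triage steps described above, as an added example that is not part of the original page or of Smart SOAR itself: parse a constructed phishing email, pull out the sender domain and every URL, score each URL against a constructed threat-intelligence feed and incident history, and turn the verdict into the list of actions a playbook would hand to its connectors. The feeds, the sample message, the scoring weights, the threshold and the action names are all assumptions; the Zscaler API call itself is not shown, the block stops at the decision.

```python
"""Phishing triage playbook (added example, not Smart SOAR code).

Everything below is constructed: the threat-intel feed, the incident
history, the sample email, the scoring weights and the action names.
"""
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Constructed threat-intelligence feed: domain -> confidence weight (0-100)
THREAT_INTEL = {"login-verify-example.test": 70, "cdn-bad.example": 80}
# Constructed historical incident data: domain -> prior confirmed phishing cases
INCIDENT_HISTORY = {"login-verify-example.test": 2}
# Assumed cut-off: URLs scoring at or above this are treated as malicious
MALICIOUS_THRESHOLD = 60

URL_RE = re.compile(r'https?://[^\s"\'<>)]+', re.IGNORECASE)
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

# Constructed sample message (all hosts use reserved/example names)
SAMPLE_EMAIL = """From: "IT Helpdesk" <helpdesk@login-verify-example.test>
To: user@corp.example
Subject: Password expires today
Message-ID: <abc123@login-verify-example.test>
Content-Type: text/html

<html><body>
<p>Your password expires. <a href="https://login-verify-example.test/reset?u=1">Reset now</a></p>
<p>Docs: https://docs.corp.example/password-policy</p>
<img src="https://cdn-bad.example/track.gif">
</body></html>
"""


def extract_elements(raw_message):
    """Return the message id, sender domain and de-duplicated URLs of an email."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    # Take URLs both from visible text and from href attributes, then de-duplicate
    urls = set(URL_RE.findall(body)) | set(HREF_RE.findall(body))
    sender_addr = email.utils.parseaddr(str(msg["From"]))[1]
    return {
        "message_id": str(msg["Message-ID"]),
        "sender_domain": sender_addr.split("@")[-1].lower(),
        "urls": sorted(urls),
    }


def score_url(url):
    """Risk score 0-100 from threat intel, incident history and a path heuristic."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    score = THREAT_INTEL.get(host, 0)
    score += 15 * INCIDENT_HISTORY.get(host, 0)
    # Assumed heuristic: credential-reset style paths raise the score slightly
    if any(k in parsed.path.lower() for k in ("reset", "login", "verify")):
        score += 10
    return min(score, 100)


def build_playbook_actions(raw_message, threshold=MALICIOUS_THRESHOLD):
    """Score every URL and emit the orchestration steps for the malicious ones."""
    elements = extract_elements(raw_message)
    scores = {u: score_url(u) for u in elements["urls"]}
    malicious = sorted(u for u, s in scores.items() if s >= threshold)
    actions = []
    if malicious:
        # Action names are this example's own; a real playbook maps them to connectors
        actions.append({"system": "zscaler", "action": "add_to_denylist", "urls": malicious})
        actions.append({"system": "mail_gateway", "action": "block_sender_domain",
                        "domain": elements["sender_domain"]})
        actions.append({"system": "mailbox", "action": "purge_message",
                        "message_id": elements["message_id"]})
        actions.append({"system": "edr", "action": "hunt_for_urls", "urls": malicious})
    return {"elements": elements, "scores": scores, "actions": actions}


if __name__ == "__main__":
    import json
    print(json.dumps(build_playbook_actions(SAMPLE_EMAIL), indent=2))
```

The benign documentation link scores 0 and is left alone, while the two URLs with intel hits cross the threshold and trigger the full action list; tuning the weights and threshold is where an analyst's judgement replaces these constructed values.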
Updating firewall allowlists and denylists in response to new threat intelligence or internal policy changes can be time-consuming. Done manually, allowlist and denylist entries usually have to be updated one by one. When a Zscaler user needs to make bulk changes to their firewall rules, they can run an automated playbook in Smart SOAR that applies all of the updates at once, including assigning URLs to categories within Zscaler.
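The bulk-update step above, as an added example that is not part of the original page or of Smart SOAR: take a constructed CSV of requested allowlist and denylist changes, validate and normalize each entry, collapse path entries already covered by a bare-host entry, flag entries requested on both lists, and group what remains into one batch per list, category and action so that each batch maps to a single bulk call instead of one call per URL. The CSV layout, the list and action names, and the entry format (lowercase host plus path, no scheme) are this example's assumptions; the Zscaler call that would consume each batch is not shown.

```python
"""Bulk allowlist/denylist planner (added example, not Smart SOAR code).

The CSV, column names, list/category names and entry format are constructed.
"""
import csv
import io
from collections import defaultdict
from urllib.parse import urlparse

# Constructed change request: one row per requested entry
BULK_REQUEST = """url,list,category,action
https://Example-Partner.test/portal,allow,Business,add
http://bad-downloads.example/setup.exe,deny,Malware,add
bad-downloads.example,deny,Malware,add
https://old-vendor.example/,allow,Business,remove
not a url,deny,Malware,add
https://bad-downloads.example/other,deny,Malware,add
example-partner.test/portal,deny,Phishing,add
"""

VALID_LISTS = {"allow", "deny"}
VALID_ACTIONS = {"add", "remove"}


def normalize(entry):
    """Canonical entry: lowercase host plus optional path, no scheme, no
    trailing slash (assumed convention). Returns None for unusable input."""
    text = entry.strip().lower()
    if "://" in text:
        parsed = urlparse(text)
        host, path = parsed.hostname or "", parsed.path
    else:
        host, _, rest = text.partition("/")
        path = "/" + rest if rest else ""
    if not host or " " in host or "." not in host:
        return None
    return host + path.rstrip("/")


def plan_bulk_update(csv_text):
    """Validate rows, group them into per-(list, category, action) batches,
    drop path entries shadowed by a bare host, and report cross-list conflicts."""
    grouped = defaultdict(set)
    rejected = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = normalize(row["url"])
        if key is None or row["list"] not in VALID_LISTS or row["action"] not in VALID_ACTIONS:
            rejected.append(row["url"])
            continue
        grouped[(row["list"], row["category"], row["action"])].add(key)

    batches = []
    for (lst, category, action), entries in sorted(grouped.items()):
        hosts = {e for e in entries if "/" not in e}
        # A bare host entry already covers every path under it, so those are dropped
        kept = sorted(e for e in entries
                      if "/" not in e or e.split("/", 1)[0] not in hosts)
        batches.append({"list": lst, "category": category, "action": action, "entries": kept})

    # An entry being added to both lists in the same run needs a human decision
    allow_adds = {e for b in batches if b["list"] == "allow" and b["action"] == "add" for e in b["entries"]}
    deny_adds = {e for b in batches if b["list"] == "deny" and b["action"] == "add" for e in b["entries"]}
    return {"batches": batches, "rejected": rejected, "conflicts": sorted(allow_adds & deny_adds)}


if __name__ == "__main__":
    import json
    print(json.dumps(plan_bulk_update(BULK_REQUEST), indent=2))
```

Running the planner on the constructed request yields four batches rather than seven individual calls, one rejected row, and one conflict to review before anything is pushed.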