{
"creation_date": "2019-06-03",
"data_metadata": {
"data_source": [
"Microsoft Exchange",
"SMTP",
"Cuckoo",
"Splunk Enterprise Security",
"VirusTotal",
"DeepSight"
],
"providing_technologies": [
"Microsoft Exchange",
"SMTP",
"Cuckoo",
"Splunk Enterprise Security",
"VirusTotal",
"DeepSight"
]
},
"description": "Investigate an email with a suspicious file attachment detected by Splunk Enterprise Security. Detonate the file attachment in a sandbox, gather network behavior from the sandbox results, and pivot on those network indicators with both external reputation queries and internal Splunk Common Information Model searches. After confirming the results with an analyst prompt, delete the email from the user's inbox, ideally before the user has opened it.",
"how_to_implement": "Synchronize the community playbook repository in Phantom, then open the playbook and follow the deployment notes to configure it for your environment.",
"id": "3096f721-8842-42ce-2fc7-742d8372b712",
"investigate": {
"phantom": {
"phantom_server": "automation (hostname)",
"playbook_name": "community/suspicious_email_attachment_investigate_and_delete",
"playbook_url": "https://my.phantom.us/4.2/playbook/suspicious-email-attachment-investigate-and-delete/",
"schedule": {
"cron_schedule": "0 * * * *",
"earliest_time": "0",
"latest_time": "86400"
},
"sensitivity": "green",
"severity": "medium"
}
},
"maintainers": [
{
"company": "Splunk",
"email": "proyer@splunk.com",
"name": "Philip Royer"
}
],
"modification_date": "2019-06-03",
"name": "Suspicious Email Attachment Investigate and Delete",
"original_authors": [
{
"company": "Splunk",
"email": "proyer@splunk.com",
"name": "Philip Royer"
}
],
"product_type": "phantom",
"spec_version": 2,
"version": "1.0"
}