Skip to main content
All CollectionsTemplatesIntermediate
Block Domain Finding on PerceptionPoint (IntSights) - Workflow Template
Block Domain Finding on PerceptionPoint (IntSights) - Workflow Template

Poll alerts in IntSights for High level Phishing issues. Ask a Slack channel if the domain should be blocked in PerceptionPoint's blocklist

Updated over 7 months ago

This Torq workflow template enables teams to automate daily phishing threat detection and response. The sequence polls for high-level phishing events in IntSights, cross-references domains with a block list in Perception Point, and facilitates a Slack-based approval process to update the block list. Outcomes include updating the block list or marking the alert as a false positive, streamlining threat management for phishing incidents.

Use Cases

Phishing, Threat Intelligence Enrichment

Workflow Breakdown

  1. Poll for high level Phishing events daily from IntSights

  2. If alerts are found, check if domain is already blocked in Perception Point

  3. Ask a Slack channel for approval to add domain to the Perception Point block list

  4. If added, close the alert in Perception Point as "Problem Solved"

  5. If not added, close the alert in Perception Point as "False Positive"

Vendors

Slack, Utils, VirusTotal, Perception Point, IntSights

Workflow Output

Success/Failure via Slack

Tips

Modify the first set workflow variable step for your integrations

Did this answer your question?