Skip to main content
All CollectionsTemplatesIntermediate
Block Domain Finding on PerceptionPoint (IntSights) - Workflow Template
Block Domain Finding on PerceptionPoint (IntSights) - Workflow Template

Poll alerts in IntSights for High level Phishing issues. Ask a Slack channel if the domain should be blocked in PerceptionPoint's blocklist

Updated over a week ago

This Torq workflow template enables teams to automate daily phishing threat detection and response. The sequence polls for high-level phishing events in IntSights, cross-references domains with a block list in Perception Point, and facilitates a Slack-based approval process to update the block list. Outcomes include updating the block list or marking the alert as a false positive, streamlining threat management for phishing incidents.

Take Me to the Template

Use Cases

Phishing, Threat Intelligence Enrichment

Workflow Breakdown

  1. Poll for high level Phishing events daily from IntSights

  2. If alerts are found, check if domain is already blocked in Perception Point

  3. Ask a Slack channel for approval to add domain to the Perception Point block list

  4. If added, close the alert in Perception Point as "Problem Solved"

  5. If not added, close the alert in Perception Point as "False Positive"

Vendors

Slack, Utils, VirusTotal, Perception Point, IntSights

Workflow Output

Success/Failure via Slack

Tips

Modify the first set workflow variable step for your integrations

Related Articles
Add Phishing Domain to CloudFlare ZeroTrust (IntSights) - Workflow Template
Create IOCs on Malicious Files from a CrowdStrike Detection - Workflow Template
Retrieve New Exploited Vulnerabilities from CISA - Workflow Template
Retrieve and Normalize data on a Domain - Workflow Template
VirusTotal Domain Enrichment with Cache - Workflow Template
Did this answer your question?