Updated ymls

kelby-shelton · kelby-shelton · commit 2dba7fc17c89 · 2023-08-16T10:16:36.000-05:00
diff --git a/playbooks/AD_LDAP_Account_Locking.yml b/playbooks/AD_LDAP_Account_Locking.yml
@@ -22,3 +22,7 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Phishing
+  - Endpoint
+  defend_technique_id: D3-AL
diff --git a/playbooks/AD_LDAP_Entity_Attribute_Lookup.yml b/playbooks/AD_LDAP_Entity_Attribute_Lookup.yml
@@ -20,4 +20,6 @@ tags:
   vpe_type: Modern
   playbook_fields: []
   product:
-  - Splunk SOAR
+  - Splunk SOAR
+  use_cases:
+  - Enrichment
diff --git a/playbooks/AWS_IAM_Account_Locking.yml b/playbooks/AWS_IAM_Account_Locking.yml
@@ -21,4 +21,8 @@ tags:
   vpe_type: Modern
   playbook_fields: []
   product:
-  - Splunk SOAR
+  - Splunk SOAR
+  use_cases:
+  - Phishing
+  - Endpoint
+  defend_technique_id: D3-AL
diff --git a/playbooks/Active_Directory_Disable_Account_Dispatch.yml b/playbooks/Active_Directory_Disable_Account_Dispatch.yml
@@ -22,4 +22,8 @@ tags:
   vpe_type: Modern
   playbook_fields: []
   product:
-  - Splunk SOAR
+  - Splunk SOAR
+  use_cases:
+  - Phishing
+  - Endpoint
+  defend_technique_id: D3-Al
diff --git a/playbooks/Attribute_Lookup_Dispatch.yml b/playbooks/Attribute_Lookup_Dispatch.yml
@@ -16,3 +16,5 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Enrichment
diff --git a/playbooks/Azure_AD_Account_Locking.yml b/playbooks/Azure_AD_Account_Locking.yml
@@ -22,3 +22,7 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Phishing
+  - Endpoint
+  defend_technique_id: D3-AL
diff --git a/playbooks/Azure_AD_Graph_User_Attribute_Lookup.yml b/playbooks/Azure_AD_Graph_User_Attribute_Lookup.yml
@@ -20,4 +20,6 @@ tags:
   vpe_type: Modern
   playbook_fields: []
   product:
-  - Splunk SOAR
+  - Splunk SOAR
+  use_cases:
+  - Enrichment
diff --git a/playbooks/Cisco_Umbrella_DNS_Denylisting.yml b/playbooks/Cisco_Umbrella_DNS_Denylisting.yml
@@ -22,3 +22,7 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Phishing
+  - Endpoint
+  defend_technique_id: D3-DNSDL
diff --git a/playbooks/CrowdStrike_OAuth_API_Device_Attribute_Lookup.yml b/playbooks/CrowdStrike_OAuth_API_Device_Attribute_Lookup.yml
@@ -23,3 +23,6 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Enrichment
+  - Endpoint
diff --git a/playbooks/CrowdStrike_OAuth_API_Dynamic_Analysis.yml b/playbooks/CrowdStrike_OAuth_API_Dynamic_Analysis.yml
@@ -23,3 +23,8 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Enrichment
+  - Phishing
+  - Endpoint
+  defend_technique_id: D3-DA
diff --git a/playbooks/CrowdStrike_OAuth_API_Identifier_Activity_Analysis.yml b/playbooks/CrowdStrike_OAuth_API_Identifier_Activity_Analysis.yml
@@ -20,3 +20,7 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Enrichment
+  - Endpoint
+  defend_technique_id: D3-IAA
diff --git a/playbooks/DNS_Denylisting_Dispatch.yml b/playbooks/DNS_Denylisting_Dispatch.yml
@@ -17,4 +17,8 @@ tags:
   vpe_type: Modern
   playbook_fields: []
   product:
-  - Splunk SOAR
+  - Splunk SOAR
+  use_cases:
+  - Phishing
+  - Endpoint
+  defend_technique_id: D3-DNSDL
diff --git a/playbooks/Dynamic_Analysis_Dispatch.yml b/playbooks/Dynamic_Analysis_Dispatch.yml
@@ -25,4 +25,9 @@ tags:
   vpe_type: Modern
   playbook_fields: []
   product:
-  - Splunk SOAR
+  - Splunk SOAR
+  use_cases:
+  - Enrichment
+  - Phishing
+  - Endpoint
+  defend_technique_id: D3-DA
diff --git a/playbooks/G_Suite_for_GMail_Message_Identifier_Activity_Analysis.yml b/playbooks/G_Suite_for_GMail_Message_Identifier_Activity_Analysis.yml
@@ -20,3 +20,6 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Phishing
+  defend_technique_id: D3-IAA
diff --git a/playbooks/Identifier_Activity_Analysis_Dispatch.yml b/playbooks/Identifier_Activity_Analysis_Dispatch.yml
@@ -15,4 +15,7 @@ tags:
   vpe_type: Modern
   playbook_fields: []
   product:
-  - Splunk SOAR
+  - Splunk SOAR
+  use_cases:
+  - Enrichment
+  defend_technique_id: D3-IAA
diff --git a/playbooks/Identifier_Reputation_Analysis_Dispatch.yml b/playbooks/Identifier_Reputation_Analysis_Dispatch.yml
@@ -18,3 +18,6 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Enrichment
+  defend_technique_id: D3-IRA
diff --git a/playbooks/Panorama_Outbound_Traffic_Filtering.yml b/playbooks/Panorama_Outbound_Traffic_Filtering.yml
@@ -21,3 +21,7 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Phishing
+  - Endpoint
+  defend_technique_id: D3-OTF
diff --git a/playbooks/PhishTank_URL_Reputation_Analysis.yml b/playbooks/PhishTank_URL_Reputation_Analysis.yml
@@ -23,3 +23,7 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Enrichment
+  - Phishing
+  defend_technique_id: D3-IRA
diff --git a/playbooks/Related_Tickets_Search_Dispatch.yml b/playbooks/Related_Tickets_Search_Dispatch.yml
@@ -16,4 +16,6 @@ tags:
   vpe_type: Modern
   playbook_fields: []
   product:
-  - Splunk SOAR
+  - Splunk SOAR
+  use_cases:
+  - Enrichment
diff --git a/playbooks/ServiceNow_Related_Tickets_Search.yml b/playbooks/ServiceNow_Related_Tickets_Search.yml
@@ -21,4 +21,6 @@ tags:
   vpe_type: Modern
   playbook_fields: []
   product:
-  - Splunk SOAR
+  - Splunk SOAR
+  use_cases:
+  - Enrichment
diff --git a/playbooks/Splunk_Attack_Analyzer_Dynamic_Analysis.yml b/playbooks/Splunk_Attack_Analyzer_Dynamic_Analysis.yml
@@ -21,4 +21,9 @@ tags:
   vpe_type: Modern
   playbook_fields: []
   product:
-  - Splunk SOAR
+  - Splunk SOAR
+  use_cases:
+  - Enrichment
+  - Phishing
+  - Endpoint
+  defend_technique_id: D3-DA
diff --git a/playbooks/Splunk_Identifier_Activity_Analysis.yml b/playbooks/Splunk_Identifier_Activity_Analysis.yml
@@ -22,3 +22,6 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Enrichment
+  defend_technique_id: D3-IAA
diff --git a/playbooks/Splunk_Message_Identifier_Activity_Analysis.yml b/playbooks/Splunk_Message_Identifier_Activity_Analysis.yml
@@ -21,3 +21,6 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Phishing
+  defend_technique_id: D3-IAA
diff --git a/playbooks/Splunk_Notable_Related_Tickets_Search.yml b/playbooks/Splunk_Notable_Related_Tickets_Search.yml
@@ -21,4 +21,6 @@ tags:
   vpe_type: Modern
   playbook_fields: []
   product:
-  - Splunk SOAR
+  - Splunk SOAR
+  use_cases:
+  - Enrichment
diff --git a/playbooks/URL_Outbound_Traffic_Filtering_Dispatch.yml b/playbooks/URL_Outbound_Traffic_Filtering_Dispatch.yml
@@ -16,4 +16,8 @@ tags:
   vpe_type: Modern
   playbook_fields: []
   product:
-  - Splunk SOAR
+  - Splunk SOAR
+  use_cases:
+  - Phishing
+  - Endpoint
+  defend_technique_id: D3-OTF
diff --git a/playbooks/UrlScan_IO_Dynamic_Analysis.yml b/playbooks/UrlScan_IO_Dynamic_Analysis.yml
@@ -22,3 +22,8 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Enrichment
+  - Phishing
+  - Endpoint
+  defend_technique_id: D3-DA
diff --git a/playbooks/VirusTotal_v3_Dynamic_Analysis.yml b/playbooks/VirusTotal_v3_Dynamic_Analysis.yml
@@ -24,3 +24,8 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Enrichment
+  - Phishing
+  - Endpoint
+  defend_technique_id: D3-DA
diff --git a/playbooks/VirusTotal_v3_Identifier_Reputation_Analysis.yml b/playbooks/VirusTotal_v3_Identifier_Reputation_Analysis.yml
@@ -28,4 +28,7 @@ tags:
   vpe_type: Modern
   playbook_fields: []
   product:
-  - Splunk SOAR
+  - Splunk SOAR
+  use_cases:
+  - Enrichment
+  defend_technique_id: D3-IRA
diff --git a/playbooks/Windows_Defender_ATP_Identifier_Activity_Analysis.yml b/playbooks/Windows_Defender_ATP_Identifier_Activity_Analysis.yml
@@ -20,3 +20,7 @@ tags:
   playbook_fields: []
   product:
   - Splunk SOAR
+  use_cases:
+  - Enrichment
+  - Endpoint
+  defend_technique_id: D3-IAA
diff --git a/playbooks/Zscaler_Outbound_Traffic_Filtering.yml b/playbooks/Zscaler_Outbound_Traffic_Filtering.yml
@@ -21,4 +21,8 @@ tags:
   vpe_type: Modern
   playbook_fields: []
   product:
-  - Splunk SOAR
+  - Splunk SOAR
+  use_cases:
+  - Phishing
+  - Endpoint
+  defend_technique_id: D3-OTF
