FortiSOAR Discussions
srivastavad
Staff

Automated Data Leakage Response Using FortiSOAR

Users working with the Data Leakage Threat Response solution pack scenario can use the "Investigate Data Leakage Alert (Symantec CloudSOC)" playbook to automate the response. The playbook streamlines the process by performing the following actions:

Identify Employee Watchlist Status: The playbook checks the watchlist status of the user implicated in the data leak incident. This automated step aids in assessing the potential risk posed by the involved user.

Sensitive Document Identification: The playbook determines if the file linked to the data leakage event is categorized as a sensitive document. This automated check is essential for evaluating the severity of the breach.

Initiate Containment Measures for Sensitive Documents: If the file is identified as a sensitive document, the playbook triggers containment measures so that the exposed information is isolated and cannot spread further.

User Blocking in Active Directory: The playbook integrates with Microsoft Active Directory to block the implicated user. This action helps mitigate the immediate risk posed by the user's account.

Investigation using Symantec DLP: The playbook further leverages Symantec Data Loss Prevention (DLP) to investigate whether the user has been involved in any other data leak incidents. This comprehensive analysis provides insights into the extent of the potential breach.
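The decision flow of the five steps above, as an added illustration that is not part of the original post and not Fortinet's or Symantec's code. The connector calls a real playbook would make (Symantec CloudSOC watchlist lookup, sensitive-document lookup, Active Directory block, Symantec DLP incident search) are stand-ins that read constructed in-memory data; the `LeakAlert` type, the `investigate_leak` function, the sample users, files and incident ids, and the risk-scoring convention are all assumptions of this example. The example also assumes the AD block is tied to the sensitive-document check, which the post leaves implicit.

```python
"""Simplified model of a data-leakage triage playbook (added example).

External systems are replaced by lookups against constructed data so the
decision flow runs offline. Nothing here is the vendor's own code.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class LeakAlert:
    alert_id: str   # id of the alert that started the playbook
    user: str       # user implicated in the leak
    file_name: str  # file linked to the leak event


# --- Constructed stand-ins for the external systems (not real data) ---
# Employees currently on the insider-risk watchlist (CloudSOC stand-in).
WATCHLIST = {"jdoe"}

# Documents tagged as sensitive, mapped to their classification label.
SENSITIVE_FILES = {
    "q3-financials.xlsx": "Confidential",
    "customer-export.csv": "Restricted",
}

# Historical DLP incidents, as a DLP search would return them.
DLP_INCIDENTS = [
    {"id": "DLP-1001", "user": "jdoe", "file": "roadmap.pptx"},
    {"id": "DLP-1002", "user": "asmith", "file": "customer-export.csv"},
    {"id": "DLP-1003", "user": "jdoe", "file": "q3-financials.xlsx"},
]


def investigate_leak(alert, watchlist=WATCHLIST, sensitive_files=SENSITIVE_FILES,
                     dlp_incidents=DLP_INCIDENTS):
    """Walk the playbook's steps and return the findings and the actions taken."""
    actions = []

    # Step 1: watchlist status of the implicated user.
    on_watchlist = alert.user in watchlist

    # Step 2: is the linked file a sensitive document?
    classification = sensitive_files.get(alert.file_name)
    is_sensitive = classification is not None

    # Steps 3 and 4: containment and the AD block, only for a sensitive document
    # (assumption: the block is tied to the sensitivity check).
    if is_sensitive:
        actions.append(("contain_file", alert.file_name))
        actions.append(("ad_block_user", alert.user))

    # Step 5: other DLP incidents involving the same user, excluding this alert.
    related = [i["id"] for i in dlp_incidents
               if i["user"] == alert.user and i["id"] != alert.alert_id]

    # Risk scoring is this example's own convention, not the playbook's:
    # watchlist and sensitivity weigh 2 each, prior incidents add up to 2.
    risk = (2 if on_watchlist else 0) + (2 if is_sensitive else 0) + min(len(related), 2)
    if risk >= 5:
        severity = "critical"
    elif risk >= 3:
        severity = "high"
    elif risk >= 1:
        severity = "medium"
    else:
        severity = "low"

    return {
        "alert_id": alert.alert_id,
        "on_watchlist": on_watchlist,
        "classification": classification,
        "actions": actions,
        "related_incidents": related,
        "severity": severity,
    }


if __name__ == "__main__":
    for alert in (LeakAlert("DLP-2001", "jdoe", "q3-financials.xlsx"),
                  LeakAlert("DLP-2002", "bwong", "lunch-menu.txt")):
        print(investigate_leak(alert))
```

Running the block prints one result per constructed alert: the watchlisted user leaking a classified file gets containment, an AD block, two related incidents and a critical severity, while the non-sensitive file produces no actions and a low severity. In a real deployment each lookup would be a connector action and the returned dictionary would populate the alert record for the analyst.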

In summary, the provided scenario showcases how FortiSOAR's automation capabilities can effectively respond to data leakage threats. Through a series of automated steps, the platform assists in identifying risks, containing breaches, and initiating investigations for a comprehensive security approach.

Reference Link: https://fortisoar.contenthub.fortinet.com//detail.htmlentity=dataLeakageThreatResponse&version=1.0.0...
