Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Bellevue Bank and Trust has recently purchased and deployed the Shuffle Cloud SOAR service and wants to take advantage of the functionality to automate as

Bellevue Bank and Trust has recently purchased and deployed the Shuffle Cloud SOAR service and wants to take advantage of the functionality to automate as many of the tasks that the SOC and IR teams currently handle manually as possible. While there are tens or hundreds of use cases, the CISO at BB&T wants the team to pick two of the use cases that generate the most amount of work and pilot the automation of those use cases with SOAR. As part of the preparation for that automation, he has tasked you to develop flowcharts of two processes.
For this assignment, pick the flowcharting tool of your choice. Draw.io is a free website that will allow you to complete this assignment
s flowcharts. You can also create flowcharts using the drawing tools in Microsoft Word to complete the assignment. Other drawing tools like Viso can also be used. Make sure you submit your flowcharts in a standard format such as a Word Document, PDF
,
or standard image file
(
JPEG
,
PNG
,
BMP
,
etc
.
)
.
Use Case
/
Process
1
One of the heaviest workloads for the SOC and IR teams is dealing with phishing. The company has used Proofpoint as an email security gateway for several years. Currently, there is no integration with TheHive ticketing system. A SOC analyst will have to go into the Proofpoint console and review the alerts generated by Proofpoint. For each alert, if it is not immediately apparent that the emails in the alert are benign, they must manually transfer the information from Proofpoint into the TheHive to open the case. Once the case is open, they must research any artifacts, such as sender email addresses, mail servers, attachments, URLs, and domains for evidence of maliciousness using the service AbuseIPDB, Virus Total, URLScan, Phishtank, OTX, and IBM Xforce services. If any of these services indicate any prior malicious detection the SOC analyst must escalate the case to a security incident. They must also contact the user outside of email and let them know they have been phished, and then reset their password. They must also generate a ticket for the HR training team to assign the phished employee to remedial phishing training. If malware was downloaded, they must put a ticket in for the forensics team to take a forensic image of the machine
(
over the network
)
.
After this is done the forensics team will manually put in a ticket for the endpoint support team to obtain and reimage the device. When all these tasks are complete, the SOC analyst can close out the security case and document the remedial actions taken. If at any point, ransomware or exfiltration of data occurs, the SOC analyst must escalate the case to the IR team and that team will start the IR processes. FLOWCHART PLEASE

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Main Memory Database Systems

Authors: Frans Faerber, Alfons Kemper, Per-Åke Alfons

1st Edition

1680833243, 978-1680833249

More Books

Students also viewed these Databases questions