As promised, here are the winning blocks from the Community Challenge. We'll start with the 3rd-place block, created by Dor Gosher from Cybersixgill.
Dor sent us an enrichment block that's very easy to put to use.

The problem the block tries to solve:

Incident response activities often include repetitive tasks based on fragmented or insufficient information. Irrelevant alerts cause fatigue, and disparate tools for different tasks pile up, so SOC analysts can find it very difficult to keep up.

The solution the block offers:

Automate indicator enrichment through Siemplify playbooks. These playbooks use Darkfeed's IOCs to trigger and execute actions across the entire security stack. As a result, analysts gain visibility into the enriched indicators from a single pane of glass.

Interested in trying it out? Here it is.
Just import it to your Siemplify environment through the Use Case module.
After you implement Dor's enrichment block, we want to introduce you to Cyrus's 24/7 block, which won 2nd place in the community challenge and made the judges smile. We have a feeling that all of you will find it useful and like the creativity.
This is our 24/7 Client Check Block. We recently moved to 24/7 SOC monitoring, and this block helps us ensure that we prioritize investigating/responding to alerts for our 24/7 clients after hours and on weekends. This block is placed after initial tagging and noise reduction, just before the case is assigned back to "Tier 1" from our "Delayed Playbooks" placeholder role used during initial tagging and enrichment.
Here it is, import it, try it, and share your thoughts :)
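To make the decision Cyrus's block takes concrete, here is an added, stand-alone example of the same check written in plain Python. It is not Cyrus's block or Siemplify code; the client names, time zones, business-hours windows and the `should_prioritize` function are assumptions made for the illustration. The point it adds to the description above is the part that usually goes wrong in practice: "after hours" has to be evaluated in the client's local time zone, not in the UTC timestamp the case carries, and weekends count regardless of the hour.

```python
from dataclasses import dataclass
from datetime import datetime, time, timezone
from zoneinfo import ZoneInfo


@dataclass(frozen=True)
class Coverage:
    """Per-client coverage definition (assumed structure for this example)."""
    tz: str                  # IANA time zone the client's business hours are defined in
    start: time              # start of the client's business day, local time
    end: time                # end of the client's business day, local time
    around_the_clock: bool   # True for clients on a 24/7 monitoring contract


# Constructed sample coverage table; these are not real clients.
CLIENTS = {
    "acme": Coverage("America/New_York", time(8, 0), time(18, 0), around_the_clock=True),
    "globex": Coverage("Europe/London", time(9, 0), time(17, 0), around_the_clock=False),
}


def _as_utc(ts: datetime) -> datetime:
    """Treat a naive timestamp as UTC; otherwise keep its own zone."""
    return ts.replace(tzinfo=timezone.utc) if ts.tzinfo is None else ts


def is_after_hours(ts: datetime, cov: Coverage) -> bool:
    """True when the case time falls on a weekend or outside the client's
    local business hours. The comparison happens in the client's zone, so a
    case stamped 02:00 UTC is evaluated as the previous evening in New York."""
    local = _as_utc(ts).astimezone(ZoneInfo(cov.tz))
    if local.weekday() >= 5:          # Saturday == 5, Sunday == 6
        return True
    return not (cov.start <= local.time() < cov.end)


def should_prioritize(client: str, ts: datetime, clients=CLIENTS) -> bool:
    """Decide whether a case for `client` created at `ts` gets the after-hours
    priority: only 24/7 clients qualify, and only outside their business hours.
    Unknown clients fall through to normal handling."""
    cov = clients.get(client)
    if cov is None or not cov.around_the_clock:
        return False
    return is_after_hours(ts, cov)


if __name__ == "__main__":
    # Wednesday 2024-03-06 02:00 UTC is Tuesday 21:00 in New York (EST).
    print(should_prioritize("acme", datetime(2024, 3, 6, 2, 0, tzinfo=timezone.utc)))
```

In a playbook this would sit exactly where Cyrus describes, after tagging and noise reduction and before reassignment to Tier 1, with the boolean result driving the branch that raises the case priority.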