Do I need an API token to use this skill?

Yes, you need a valid Splunk SOAR API token with permissions to create containers, create artifacts, and execute playbook runs.

Does this skill require a specific version of Splunk SOAR?

It is designed for Splunk SOAR (formerly Phantom) and uses standard REST API endpoints compatible with most modern versions including Cloud and On-Premises deployments.

What email formats are supported for parsing?

The implementation is optimized for parsing standard .eml files to extract headers, body text, and embedded indicators like URLs and IPs.

Which security frameworks does this implementation align with?

This skill is mapped to several frameworks including NIST CSF 2.0 (DE.CM-01, RS.MA-01), MITRE ATT&CK, and NIST AI RMF.

Can it handle multiple URLs in a single email?

Yes, the logic extracts all unique URLs from the email body and creates individual artifacts for each to ensure comprehensive reputation checking by the SOAR playbook.

SOAR Phishing Playbook Automation

Name: SOAR Phishing Playbook Automation
Author: mukul975

bymukul975

•

4,121

•

安全与测试

Automates phishing incident response by integrating email parsing with Splunk SOAR REST APIs to create containers and trigger investigative playbooks.

This skill streamlines the cybersecurity incident response lifecycle for phishing attacks by programmatically handling the ingestion and analysis of suspicious emails. It leverages the Splunk SOAR REST API to ingest email metadata, extract indicators of compromise (IOCs) such as URLs and IP addresses, and initiate automated playbooks for immediate investigation. By bridging the gap between raw email data and automated orchestration, it helps security teams reduce Mean Time to Respond (MTTR) and ensures consistent security control application aligned with NIST CSF and MITRE ATT&CK frameworks.

主要功能

01Consolidated reporting of investigation verdicts and indicator reputations

02Automated email header and body parsing for .eml files

034,121 GitHub stars

04CEF-compliant mapping for sender details, URLs, and IP addresses

05Programmatic container and artifact creation via Splunk SOAR REST API

06Dynamic playbook triggering and real-time action status polling

使用场景

01Ensuring compliance with NIST CSF response and monitoring standards

02Integrating custom email gateways with existing Splunk SOAR workflows

03Scaling SOC efficiency during high-volume phishing campaigns

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-soar-playbook-for-phishing

For use in Claude.ai and ChatGPT

主要功能

01Consolidated reporting of investigation verdicts and indicator reputations

02Automated email header and body parsing for .eml files

034,121 GitHub stars

04CEF-compliant mapping for sender details, URLs, and IP addresses

05Programmatic container and artifact creation via Splunk SOAR REST API

06Dynamic playbook triggering and real-time action status polling

使用场景

01Ensuring compliance with NIST CSF response and monitoring standards

02Integrating custom email gateways with existing Splunk SOAR workflows

03Scaling SOC efficiency during high-volume phishing campaigns

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-soar-playbook-for-phishing

For use in Claude.ai and ChatGPT