If you don't want to create a playbook from scratch, use a template. Templates come out-of-the-box, or you can import your own from an existing playbook.
Playbook templates are frameworks that are already designed and ready for you to use. When you create a playbook from a template, just indicate the service you want to use.
You can't delete these out-of-the-box templates.
Import a Playbook Template
After you export a playbook, you can import it back into the same system or into another system as a template. An exported playbook can only be imported as a template, not as a playbook.
Ensure that your template file is in a valid JSON format. If you created and exported the playbook from Incident Responder, it is already in a valid format.
In the navigation bar, click PLAYBOOKS.
Click Import template.
Click CHOOSE TEMPLATE FILE, then select a valid JSON file to upload.
The playbook is imported as a template. To use the playbook, create a new playbook using the template.
Phishing Playbook Template
Break down the logic flow of the out-of-the-box phishing playbook template.
Phishing emails imitate reputable senders to fool recipients into installing malicious software or revealing personal information.
The phishing playbook sources emails ingested into Case Manager. It checks the reputation of the domain that sent the email; extracts any files, URLs, or links; and checks the reputation of these entities. Then, the playbook checks if the email recipient has any web activity related to the URL.
Based on the sender's email address, the playbook searches for other recipients. If it finds other recipients, the playbook alerts you.
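The logic flow described above, sketched as an added Python illustration; it is not the template's own code or part of Incident Responder. The function name `triage`, the lookup tables, and the sample email are all constructed for this example and stand in for the reputation, web-activity, and mail-search services the playbook would call.

```python
import email, hashlib, re
from email import policy
from urllib.parse import urlsplit
# Constructed sample data standing in for the reputation, proxy-log and
# mail-log services a real playbook would query.
REPUTATION = {"billing-notice.test": "malicious", "login.billing-notice.test": "malicious"}
PROXY_LOG = [("alice@corp.example", "login.billing-notice.test"),
             ("bob@corp.example", "intranet.corp.example")]
MAIL_LOG = [("accounts@billing-notice.test", "alice@corp.example"),
            ("accounts@billing-notice.test", "carol@corp.example"),
            ("hr@corp.example", "bob@corp.example")]
RAW = b"""From: Accounts <accounts@billing-notice.test>
To: alice@corp.example
Subject: Invoice overdue
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Pay now at http://login.billing-notice.test/invoice?id=7
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="invoice.txt"

constructed attachment body
--b1--
"""

def triage(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    recipient = msg["To"].addresses[0].addr_spec
    urls, files = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment():  # hash the decoded bytes for a file-reputation lookup
            digest = hashlib.sha256(part.get_payload(decode=True)).hexdigest()
            files.append((part.get_filename(), digest))
        elif part.get_content_maintype() == "text":
            urls += re.findall(r"https?://[^\s\"'<>]+", part.get_content())
    hosts = {urlsplit(u).hostname for u in urls}
    # Reputation check for the sender domain, each URL host and each file hash.
    verdicts = {e: REPUTATION.get(e, "unknown")
                for e in [sender.domain, *sorted(hosts), *(d for _, d in files)]}
    visited = sorted(h for user, h in PROXY_LOG if user == recipient and h in hosts)
    others = sorted(rcpt for frm, rcpt in MAIL_LOG
                    if frm == sender.addr_spec and rcpt != recipient)
    return {"verdicts": verdicts, "urls": urls, "files": files,
            "recipient_visited": visited, "other_recipients": others, "alert": bool(others)}
```

Calling `triage(RAW)` returns the verdict for each extracted entity, whether the recipient browsed to the URL's host, and the other recipients of mail from the same sender, which is the condition that raises the alert.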