mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 05:05:16 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,69 @@
|
||||
# Workflows: Building Phishing Reporting Button Workflow
|
||||
|
||||
## Workflow 1: Automated Phishing Report Triage
|
||||
|
||||
```
|
||||
User clicks "Report Phishing" button
|
||||
|
|
||||
v
|
||||
[Email forwarded to reporting mailbox]
|
||||
+-- Original email preserved with full headers
|
||||
+-- Reporter identity recorded
|
||||
|
|
||||
v
|
||||
[SOAR platform ingests report]
|
||||
|
|
||||
v
|
||||
[Automated IOC extraction]
|
||||
+-- Extract sender address and domain
|
||||
+-- Extract all URLs from body
|
||||
+-- Extract attachment hashes (MD5, SHA256)
|
||||
+-- Parse email headers for authentication results
|
||||
|
|
||||
v
|
||||
[Automated analysis (parallel)]
|
||||
+-- URLs -> VirusTotal, URLScan.io, PhishTank
|
||||
+-- Attachments -> Sandbox detonation
|
||||
+-- Sender -> Threat intelligence lookup
|
||||
+-- Headers -> SPF/DKIM/DMARC validation
|
||||
|
|
||||
v
|
||||
[Classification]
|
||||
+-- CONFIRMED PHISHING: High-confidence malicious
|
||||
+-- SUSPICIOUS: Moderate indicators, needs analyst review
|
||||
+-- SPAM: Unwanted but not malicious
|
||||
+-- SIMULATION: Matches internal phishing test
|
||||
+-- CLEAN: Legitimate email, false report
|
||||
|
|
||||
v
|
||||
[Automated response by classification]
|
||||
+-- PHISHING: Retract from all inboxes + block sender
|
||||
+-- SUSPICIOUS: Escalate to SOC analyst
|
||||
+-- SPAM: Move to junk for all recipients
|
||||
+-- SIMULATION: Credit reporter in training platform
|
||||
+-- CLEAN: Return to inbox
|
||||
|
|
||||
v
|
||||
[Feedback to reporter]
|
||||
+-- "Thank you for reporting" (immediate)
|
||||
+-- Classification result (when complete)
|
||||
+-- Training tip (if false positive)
|
||||
```
|
||||
|
||||
## Workflow 2: SOC Analyst Escalation
|
||||
|
||||
```
|
||||
SOAR classifies report as SUSPICIOUS
|
||||
|
|
||||
v
|
||||
[SOC analyst reviews]
|
||||
+-- Examine full email content and headers
|
||||
+-- Verify automated analysis results
|
||||
+-- Check for similar reports from other users
|
||||
|
|
||||
v
|
||||
[Analyst decision]
|
||||
+-- Confirm malicious --> Trigger remediation playbook
|
||||
+-- Confirm clean --> Close and notify reporter
|
||||
+-- Need more info --> Contact reporter for context
|
||||
```
|
||||
Reference in New Issue
Block a user