mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 14:09:40 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,69 @@
|
||||
# Workflows: Email Sandboxing with Proofpoint
|
||||
|
||||
## Workflow 1: Attachment Detonation Pipeline
|
||||
```
|
||||
Email with attachment arrives at Proofpoint gateway
|
||||
|
|
||||
v
|
||||
[Pre-filter: Check attachment type]
|
||||
+-- Blocked types (.bat, .ps1, .vbs) --> Quarantine immediately
|
||||
+-- Detonable types --> Send to sandbox
|
||||
+-- Known safe types (.txt, .csv) --> Deliver
|
||||
|
|
||||
v
|
||||
[Sandbox detonation]
|
||||
+-- Execute in multiple environments (Win10, Win11, macOS)
|
||||
+-- Monitor: file system changes, registry, network, process creation
|
||||
+-- Timeout: 60-120 seconds per environment
|
||||
|
|
||||
v
|
||||
[Verdict]
|
||||
+-- MALICIOUS --> Quarantine, alert, extract IOCs
|
||||
+-- SUSPICIOUS --> Quarantine for analyst review
|
||||
+-- CLEAN --> Deliver with dynamic delivery
|
||||
```
|
||||
|
||||
## Workflow 2: URL Defense Time-of-Click
|
||||
```
|
||||
Email with URL arrives
|
||||
|
|
||||
v
|
||||
[URL rewritten to Proofpoint URL Defense proxy]
|
||||
|
|
||||
v
|
||||
[Email delivered to user]
|
||||
|
|
||||
v
|
||||
[User clicks rewritten URL]
|
||||
|
|
||||
v
|
||||
[Proofpoint performs real-time analysis]
|
||||
+-- Reputation check
|
||||
+-- Content analysis
|
||||
+-- Sandbox detonation of landing page
|
||||
|
|
||||
+-- SAFE --> Redirect to original URL
|
||||
+-- MALICIOUS --> Block access, show warning page
|
||||
+-- SUSPICIOUS --> Show interstitial warning, allow proceed
|
||||
```
|
||||
|
||||
## Workflow 3: TAP Dashboard Monitoring
|
||||
```
|
||||
Daily operations:
|
||||
+-- Review TAP Dashboard threat digest
|
||||
+-- Check VAP (Very Attacked People) changes
|
||||
+-- Review campaign clusters
|
||||
+-- Investigate quarantined messages
|
||||
+-- Monitor false positive rate
|
||||
|
|
||||
Weekly:
|
||||
+-- Analyze threat trends
|
||||
+-- Review sandboxing effectiveness
|
||||
+-- Tune policies based on FP/FN data
|
||||
+-- Update blocked file type list
|
||||
|
|
||||
Monthly:
|
||||
+-- Generate executive report from TAP
|
||||
+-- Review VAP list with HR/management
|
||||
+-- Assess ROI and threat prevention metrics
|
||||
```
|
||||
Reference in New Issue
Block a user