SecureWithAkanksha/splunk-soar-playbooks

GitHub: SecureWithAkanksha/splunk-soar-playbooks

A library of security automation playbooks built on Splunk SOAR and Python, addressing alert overload and slow response.

Stars: 0 | Forks: 0

# 🔐 Splunk SOAR Playbooks

Security automation scripts and playbooks for SOC operations — built for phishing triage, malware containment, and automated alert enrichment using Splunk SOAR + Python.

## 🛠️ Tools & Technologies

- **SOAR:** Splunk SOAR (Phantom)
- **Language:** Python 3
- **Integrations:** VirusTotal, AbuseIPDB, ServiceNow
- **Concepts:** Alert Enrichment, Incident Triage, REST APIs, Error Handling

## 📁 Scripts

| File | Description |
|------|-------------|
| `virustotal_lookup.py` | Query VirusTotal API for IP reputation and malicious verdict |
| `abuseipdb_check.py` | Check AbuseIPDB for IP abuse confidence score |
| `servicenow_ticket.py` | Auto-create ServiceNow incident tickets from SOAR alerts |

## 🔄 How These Work Together in a Playbook

## 👩‍💻 Author

**Akanksha Christeena** | Security Automation Engineer
[LinkedIn](https://www.linkedin.com/in/akankshachristeena/) | Chicago, IL
Tags: AbuseIPDB, Ask Search, IP reputation, Phishing, REST API, ServiceNow, SOAR, Splunk SOAR, VirusTotal, incident triage, alert enrichment, threat intelligence, security operations, developer tools, malicious code, malware, scanning framework, data enrichment, script integration, automated response, automated orchestration, error handling