From 5319af9a8c1bf5937653474208f61f1a2da13ac8 Mon Sep 17 00:00:00 2001 From: Chuck Woodraska Date: Mon, 15 Nov 2021 11:44:31 -0800 Subject: [PATCH] Rename from Phantom to Splunk SOAR. --- .../DomainTools_Domain_Risk_Score.tgz | Bin .../DomainTools_Domain_Risk_Score/README.md | 2 +- .../domaintools_domain_risk.csv | 0 .../DomainTools_Guided_Pivots.tgz | Bin .../DomainTools_Guided_Pivots/README.md | 0 .../domaintools_guided_pivot.csv | 0 .../DomainTools_Iris_Malicious_Tags.tgz | Bin .../DomainTools_Iris_Malicious_Tags/README.md | 0 .../iris_malicious_tags.csv | 0 {Splunk Phantom => Splunk SOAR}/README.md | 5 ++--- 10 files changed, 3 insertions(+), 4 deletions(-) rename {Splunk Phantom => Splunk SOAR}/DomainTools_Domain_Risk_Score/DomainTools_Domain_Risk_Score.tgz (100%) rename {Splunk Phantom => Splunk SOAR}/DomainTools_Domain_Risk_Score/README.md (85%) rename {Splunk Phantom => Splunk SOAR}/DomainTools_Domain_Risk_Score/domaintools_domain_risk.csv (100%) rename {Splunk Phantom => Splunk SOAR}/DomainTools_Guided_Pivots/DomainTools_Guided_Pivots.tgz (100%) rename {Splunk Phantom => Splunk SOAR}/DomainTools_Guided_Pivots/README.md (100%) rename {Splunk Phantom => Splunk SOAR}/DomainTools_Guided_Pivots/domaintools_guided_pivot.csv (100%) rename {Splunk Phantom => Splunk SOAR}/DomainTools_Iris_Malicious_Tags/DomainTools_Iris_Malicious_Tags.tgz (100%) rename {Splunk Phantom => Splunk SOAR}/DomainTools_Iris_Malicious_Tags/README.md (100%) rename {Splunk Phantom => Splunk SOAR}/DomainTools_Iris_Malicious_Tags/iris_malicious_tags.csv (100%) rename {Splunk Phantom => Splunk SOAR}/README.md (95%) diff --git a/Splunk Phantom/DomainTools_Domain_Risk_Score/DomainTools_Domain_Risk_Score.tgz b/Splunk SOAR/DomainTools_Domain_Risk_Score/DomainTools_Domain_Risk_Score.tgz similarity index 100% rename from Splunk Phantom/DomainTools_Domain_Risk_Score/DomainTools_Domain_Risk_Score.tgz rename to Splunk SOAR/DomainTools_Domain_Risk_Score/DomainTools_Domain_Risk_Score.tgz 
diff --git a/Splunk Phantom/DomainTools_Domain_Risk_Score/README.md b/Splunk SOAR/DomainTools_Domain_Risk_Score/README.md similarity index 85% rename from Splunk Phantom/DomainTools_Domain_Risk_Score/README.md rename to Splunk SOAR/DomainTools_Domain_Risk_Score/README.md index 999171a..f067e28 100644 --- a/Splunk Phantom/DomainTools_Domain_Risk_Score/README.md +++ b/Splunk SOAR/DomainTools_Domain_Risk_Score/README.md @@ -7,7 +7,7 @@ Retrieve the Domain Risk Score and throw an Alert for the Analyst to manually re #### Before Installing In this directory there is a csv called `domaintools_domain_risk.csv` that can be downloaded and used to import into the app under the "Custom Lists" tab on the "Playbooks" feature. With the `domaintoolsiriscreds` asset loaded in, import the csv or create a custom list named `domaintools_domain_risk` and copy the contents of the csv into the custom list. -**The value in the list is the mininmum risk score to alert on, the number can be changed by the analyst, but the first column should not be changed, otherwise the playbook will break.** +**The value in the list is the minimum risk score to alert on, the number can be changed by the analyst, but the first column should not be changed, otherwise the playbook will break.** #### Installation Download the tar file in this directory and import the playbook using that file. The asset accessed in the playbook is for DomainTools API credentials. Point the playbook to the `domaintoolsiriscreds` asset, save the playbook, make sure it's active, and give it a shot. diff --git a/Splunk Phantom/DomainTools_Domain_Risk_Score/domaintools_domain_risk.csv b/Splunk SOAR/DomainTools_Domain_Risk_Score/domaintools_domain_risk.csv similarity index 100% rename from Splunk Phantom/DomainTools_Domain_Risk_Score/domaintools_domain_risk.csv rename to Splunk SOAR/DomainTools_Domain_Risk_Score/domaintools_domain_risk.csv 
diff --git a/Splunk Phantom/DomainTools_Guided_Pivots/DomainTools_Guided_Pivots.tgz b/Splunk SOAR/DomainTools_Guided_Pivots/DomainTools_Guided_Pivots.tgz similarity index 100% rename from Splunk Phantom/DomainTools_Guided_Pivots/DomainTools_Guided_Pivots.tgz rename to Splunk SOAR/DomainTools_Guided_Pivots/DomainTools_Guided_Pivots.tgz diff --git a/Splunk Phantom/DomainTools_Guided_Pivots/README.md b/Splunk SOAR/DomainTools_Guided_Pivots/README.md similarity index 100% rename from Splunk Phantom/DomainTools_Guided_Pivots/README.md rename to Splunk SOAR/DomainTools_Guided_Pivots/README.md diff --git a/Splunk Phantom/DomainTools_Guided_Pivots/domaintools_guided_pivot.csv b/Splunk SOAR/DomainTools_Guided_Pivots/domaintools_guided_pivot.csv similarity index 100% rename from Splunk Phantom/DomainTools_Guided_Pivots/domaintools_guided_pivot.csv rename to Splunk SOAR/DomainTools_Guided_Pivots/domaintools_guided_pivot.csv diff --git a/Splunk Phantom/DomainTools_Iris_Malicious_Tags/DomainTools_Iris_Malicious_Tags.tgz b/Splunk SOAR/DomainTools_Iris_Malicious_Tags/DomainTools_Iris_Malicious_Tags.tgz similarity index 100% rename from Splunk Phantom/DomainTools_Iris_Malicious_Tags/DomainTools_Iris_Malicious_Tags.tgz rename to Splunk SOAR/DomainTools_Iris_Malicious_Tags/DomainTools_Iris_Malicious_Tags.tgz diff --git a/Splunk Phantom/DomainTools_Iris_Malicious_Tags/README.md b/Splunk SOAR/DomainTools_Iris_Malicious_Tags/README.md similarity index 100% rename from Splunk Phantom/DomainTools_Iris_Malicious_Tags/README.md rename to Splunk SOAR/DomainTools_Iris_Malicious_Tags/README.md diff --git a/Splunk Phantom/DomainTools_Iris_Malicious_Tags/iris_malicious_tags.csv b/Splunk SOAR/DomainTools_Iris_Malicious_Tags/iris_malicious_tags.csv similarity index 100% rename from Splunk Phantom/DomainTools_Iris_Malicious_Tags/iris_malicious_tags.csv rename to Splunk SOAR/DomainTools_Iris_Malicious_Tags/iris_malicious_tags.csv 
diff --git a/Splunk Phantom/README.md b/Splunk SOAR/README.md similarity index 95% rename from Splunk Phantom/README.md rename to Splunk SOAR/README.md index 67e72d8..17aa1b9 100644 --- a/Splunk Phantom/README.md +++ b/Splunk SOAR/README.md @@ -1,11 +1,10 @@ -## DomainTools Phantom Playbooks +## DomainTools Splunk SOAR Playbooks -Working playbooks and automation scripts for Splunk Phantom. +Working playbooks and automation scripts for Splunk SOAR. #### Installation For the DomainTools playbooks in this repo, an asset called `domaintoolsiriscreds` is needed with DomainTools API username and key. The playbooks expect this asset to exist to make the API calls needed for the playbook data upon execution. Installation instructions for each playbook is in the README at the root of the playbook’s directory. -
#### Current Playbooks In This Repo
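Review bot: in the DomainTools_Domain_Risk_Score/README.md hunk the `mininmum` fix is correct, but the corrected bold line is still a run-on of three comma-joined clauses, and it is the one warning an analyst must read before editing the custom list; consider splitting it into `**The value in the list is the minimum risk score to alert on. The analyst may change the number, but the first column must not be changed, otherwise the playbook will break.**`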
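Review bot: the README.md files under DomainTools_Guided_Pivots and DomainTools_Iris_Malicious_Tags, and all three `.tgz` playbook exports, are renamed at 100% similarity, so their contents were not touched by this patch; if any of them still say "Phantom" (README prose, or playbook metadata inside the archives), the rename is only half done. A `grep -ri phantom "Splunk SOAR"` over the renamed tree before merging would settle it, and any archive that still carries the old name would need to be re-exported from the platform rather than edited in place.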
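Review bot: the Splunk SOAR/README.md hunk also drops the blank line that sat between the Installation paragraph and the `#### Current Playbooks In This Repo` heading (the lone `-` at the end of the hunk; the `@@ -1,11 +1,10 @@` header confirms the net line removal), which looks unrelated to the rename and is best left out of this commit or mentioned in its message. While this hunk is open, the context line `Installation instructions for each playbook is in the README` should read `are in the README`, and `playbook’s` uses a curly apostrophe where a plain `'` would match the rest of the file.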