This playbook focuses specifically on domain names contained in the ingested email, and it uses Cisco Umbrella Investigate to add the risk score, risk status, and domain category to the event in Splunk SOAR.