Some example SOAR playbooks with implementation details for Splunk phantom

https://research.splunk.com/playbooks/

This is a great use case for a SOAR platform

https://cyb3rops.medium.com/use-personal-activity-reviews-par-to-uncover-adversary-activity-2db0bcb9e76