Try in Splunk SOAR


Automatically dispatches input playbooks with the 'disable_account' tag. This will produce a merge report and indicator tag for each inputs.

  • Type: Investigation
  • Product: Splunk SOAR
  • Apps: AD LDAP, Azure AD Graph
  • Last Updated: 2023-05-23
  • Author: Teoderick Contreras, Splunk
  • ID: 86320591-1bbd-41ab-8990-602a3968fd99
  • Use-cases:
    • Phishing
    • Endpoint

Associated Detections

How To Implement

This automatic playbook requires "disable_account" tag be present on each input playbook you want to launch.


ID Technique Definition Category
D3-AL Account Locking The process of temporarily disabling user accounts on a system or domain. Credential Eviction

Explore Playbook


Required field


source | version: 1