Playbook: ActiveDirectory Reset password

Description

This playbook resets the password of a potentially compromised user account. First, an analyst is prompted to evaluate the situation and choose whether to reset the account. If they approve, a strong password is generated and the password is reset.

Apps

AD LDAP

How To Implement

This playbook works on artifacts with artifact:*.cef.compromisedUserName which can be created as shown in the playbook "recorded_future_handle_leaked_credentials" - The prompt is hard-coded to use "admin" as the user, so change it to the correct user or role

Explore Playbook

explore

Required fields

  • compromisedUserName

Reference

source | version: 1