Playbook: Automated Enrichment

Description

Moves the event status to open and then launches the Dispatch playbooks for Reputation Analysis, Attribute Lookup, and Related Tickets.

Type: Investigation Date: 2023-03-06 Author: Kelby Shelton, Patrick Bareiss, Teoderick Contreras, Lou Stella Splunk ID: fc0edc96-ff1b-65e0-9a4d-64da6783fd64

How To Implement

  1. Ensure you have a reputation analysis playbook (e.g. VirusTotal v3), an attribute lookup playbook (e.g. Azure AD), and a related ticket search playbook (e.g. ServiceNow).\n2. Download local versions of Identifier Reputation Analysis Dispatch, Attribute Lookup Dispatch, and Related Tickets Search Dispatch playbooks.

Explore Playbook

Click the playbook screenshot to explore in more detail!

explore

Reference

source | version: 2