Identifier Reputation Analysis Dispatch

Description

Detects available indicators and routes them to indicator reputation analysis playbooks. The output of the analysis will update any artifacts, tasks, and indicator tags. https://d3fend.mitre.org/technique/d3f:IdentifierReputationAnalysis/

Type: Investigation
Product: Splunk SOAR
Apps:
Last Updated: 2023-01-11
Author: Kelby Shelton, Splunk
ID: fc0edc96-ff2b-48b0-9b4d-63da6783fd64
Use-cases:
- Enrichment

Associated Detections

How To Implement

This playbook looks for artifacts and then dispatches the community Reputation playbooks. This playbook takes the output of those playbooks and nicely formats them into notes and tags indicators with their results.

D3FEND

ID	Technique	Definition	Category
D3-IRA	Identifier Reputation Analysis	Analyzing the reputation of an identifier.	Identifier Analysis

Explore Playbook

Required field

Reference

https://d3fend.mitre.org/technique/d3f:IdentifierReputationAnalysis/

source | version: 1

Twitter Facebook LinkedIn

Identifier Reputation Analysis Dispatch

Description

Associated Detections

How To Implement

D3FEND

Explore Playbook

Required field

Reference

You May Also Enjoy

Splunk RCE via User XSLT

Splunk App for Lookup File Editing RCE via User XSLT

Splunk XSS in Highlighted JSON Events

AWS ECR Container Upload Outside Business Hours