Ransomware Investigate and Contain

Try in Splunk SOAR

Description

This playbook investigates and contains ransomware detected on endpoints.

• Type: Response
• Product: Splunk SOAR
• Apps: Carbon Black Response, LDAP, Palo Alto Networks Firewall, WildFire, Cylance
• Last Updated: 2018-02-04
• Author: Philip Royer, Splunk
• ID: fc0edc96-ff2b-48b0-9f6f-63da3783fd63

Associated Detections

• Conti Common Exec parameter

How To Implement

This playbook requires the Splunk SOAR apps for Palo Alto Networks Firewalls, Palo Alto Wildfire, LDAP, and Carbon Black Response.

Playbooks

Required field

• ComputerName
• Username

Reference

source | version: 1