Playbook: Risk Notable Import Data

Description

This playbook gathers all of the events associated with the risk notable and imports them as artifacts. It also generates a custom Markdown-formatted note.

Apps

Splunk

How To Implement

For detailed implementation instructions, see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack

Required fields

  • event_id
  • info_min_time
  • info_max_time
  • risk_object
  • risk_object_type

Reference

source | version: 1