Playbook: Risk Notable Import Data

Description

This playbook gathers all of the events associated with the risk notable and imports them as artifacts. It also generates a custom markdown formatted note.

Type: Investigation Date: 2021-10-22 Author: Kelby Shelton, Splunk ID: 020edc96-ff2b-48b0-9f6f-23da3783fd63

Apps

Splunk

How To Implement

For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack

Explore Playbook

Click the playbook screenshot to explore in more detail!

Required fields

event_id
info_min_time
info_max_time
risk_object
risk_object_type

Reference

https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
http://docs.splunk.com/Documentation/ES/6.6.2/Admin/Configurecorrelationsearches#Use_security_framework_annotations_in_correlation_searches

source | version: 1