

This playbook gathers all of the events associated with the risk notable and imports them as artifacts. It also generates a custom Markdown-formatted note.

  • Type: Investigation
  • Product: Splunk SOAR
  • Apps: Splunk
  • Last Updated: 2021-10-22
  • Author: Kelby Shelton, Splunk
  • ID: 020edc96-ff2b-48b0-9f6f-23da3783fd63
  • Use-cases:

Associated Detections

How To Implement

For detailed implementation see

Explore Playbook


Required field

  • event_id
  • info_min_time
  • info_max_time
  • risk_object
  • risk_object_type


source | version: 1