Playbook: Risk Notable Protect Assets and Users
Description
This playbook attempts to find assets and users from the notable event and match those with assets and identities from Splunk ES. If a match was found and the user has playbooks available to contain entities, the analyst decides which entities to disable or quarantine.
How To Implement
For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
Explore Playbook
Click the playbook screenshot to explore in more detail!
Reference
source | version: 1