Playbook: Risk Notable Protect Assets and Users

Description

This playbook attempts to find assets and users from the notable event and match those with assets and identities from Splunk ES. If a match was found and the user has playbooks available to contain entities, the analyst decides which entities to disable or quarantine.

Type: Response Date: 2021-10-22 Author: Kelby Shelton, Splunk ID: 070edc96-ff2b-48b0-9f6f-93da3783fd63

How To Implement

For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack

Explore Playbook

Click the playbook screenshot to explore in more detail!

Reference

https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack#Call_child_playbooks_with_the_dynamic_playbook_system

source | version: 1