Risk Notable Protect Assets and Users
Description
This playbook attempts to find assets and users from the notable event and match those with assets and identities from Splunk ES. If a match was found and the user has playbooks available to contain entities, the analyst decides which entities to disable or quarantine.
- Type: Response
- Product: Splunk SOAR
- Apps: None
- Last Updated: 2021-10-22
- Author: Kelby Shelton, Splunk
- ID: rn0edc96-ff2b-48b0-9f6f-93da3783fd63
Associated Detections
How To Implement
tbd
Explore Playbook
Required field
Reference
source | version: 1