Try in Splunk SOAR


This playbook attempts to find assets and users from the notable event and match those with assets and identities from Splunk ES. If a match was found and the user has playbooks available to contain entities, the analyst decides which entities to disable or quarantine.

  • Type: Response
  • Product: Splunk SOAR
  • Apps:
  • Last Updated: 2021-10-22
  • Author: Kelby Shelton, Splunk
  • ID: 070edc96-ff2b-48b0-9f6f-93da3783fd63
  • Use-cases:

Associated Detections

How To Implement

For detailed implementation see

Explore Playbook


Required field


source | version: 1