Risk Notable Protect Assets and Users

Description

This playbook attempts to find assets and users from the notable event and match those with assets and identities from Splunk ES. If a match was found and the user has playbooks available to contain entities, the analyst decides which entities to disable or quarantine.

Type: Response
Product: Splunk SOAR
Apps:
Last Updated: 2021-10-22
Author: Kelby Shelton, Splunk
ID: 070edc96-ff2b-48b0-9f6f-93da3783fd63
Use-cases:

Associated Detections

How To Implement

For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack

Explore Playbook

Required field

Reference

https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack#Call_child_playbooks_with_the_dynamic_playbook_system

source | version: 1

Twitter Facebook LinkedIn

Risk Notable Protect Assets and Users

Description

Associated Detections

How To Implement

Explore Playbook

Required field

Reference

You May Also Enjoy

Windows Defender ASR Registry Modification

Windows Defender ASR Rule Disabled

Windows Defender ASR Audit Events

Windows Defender ASR Block Events