Risk Notable Protect Assets and Users

Description

This playbook attempts to find assets and users from the notable event and match those with assets and identities from Splunk ES. If a match was found and the user has playbooks available to contain entities, the analyst decides which entities to disable or quarantine.

Type: Response
Product: Splunk SOAR
Apps: None
Last Updated: 2021-10-22
Author: Kelby Shelton, Splunk
ID: rn0edc96-ff2b-48b0-9f6f-93da3783fd63

Associated Detections

How To Implement

tbd

Explore Playbook

Required field

Reference

https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack#Call_child_playbooks_with_the_dynamic_playbook_system

source | version: 1

Twitter Facebook LinkedIn

Risk Notable Protect Assets and Users

Description

Associated Detections

How To Implement

Explore Playbook

Required field

Reference

You May Also Enjoy

Windows Proxy Via Netsh

Windows Ldifde Directory Object Behavior

Windows Proxy Via Registry

Network Share Discovery Via Dir Command