Risk Notable Review Indicators

Description

This playbook was designed to be called by a user to process indicators that are marked as suspicious within the SOAR platform. Analysts will review indicators in a prompt and mark them as blocked or safe.

Type: Response
Product: Splunk SOAR
Apps:
Last Updated: 2021-10-22
Author: Kelby Shelton, Splunk
ID: 080edc96-ff2b-48b0-9f6f-73da3783fd63
Use-cases:

Associated Detections

How To Implement

For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack

Explore Playbook

Required field

Reference

https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack#Indicator_tagging_system

source | version: 1

Twitter Facebook LinkedIn

Risk Notable Review Indicators

Description

Associated Detections

How To Implement

Explore Playbook

Required field

Reference

You May Also Enjoy

Splunk RCE via User XSLT

Splunk App for Lookup File Editing RCE via User XSLT

Splunk XSS in Highlighted JSON Events

AWS ECR Container Upload Outside Business Hours