Risk Notable Review Indicators

Description

This playbook was designed to be called by a user to process indicators that are marked as suspicious within the SOAR platform. Analysts will review indicators in a prompt and mark them as blocked or safe.

Type: Response
Product: Splunk SOAR
Apps: None
Last Updated: 2021-10-22
Author: Kelby Shelton, Splunk
ID: rn0edc96-ff2b-48b0-9f6f-73da3783fd63

Associated Detections

How To Implement

tbd

Explore Playbook

Required field

Reference

https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack#Indicator_tagging_system

source | version: 1

Twitter Facebook LinkedIn

Risk Notable Review Indicators

Description

Associated Detections

How To Implement

Explore Playbook

Required field

Reference

You May Also Enjoy

Windows Proxy Via Netsh

Windows Ldifde Directory Object Behavior

Windows Proxy Via Registry

Network Share Discovery Via Dir Command