Try in Splunk SOAR


Accepts a file_hash, domain, IP address, or URL, and asks Splunk for a list of devices that have interacted with each. It then produces a normalized output and summary table.

  • Type: Investigation
  • Product: Splunk SOAR
  • Apps: Splunk
  • Last Updated: 2023-03-31
  • Author: Lou Stella, Splunk
  • ID: 5299b9dc-e8c4-46ba-d942-92ace0ff816d

Associated Detections

How To Implement

This input playbook requires the Splunk connector to be configured. It is designed to work in conjunction with the Dynamic Identifier Activity Analysis playbook or other playbooks in the same style.

Explore Playbook


Required field


source | version: 1