Playbook: Start Investigation

Description

Handle cases in Splunk SOAR with consistency that only automation can provide. This playbook ensures that cases are being assigned to analysts, and follow on work gets started.

Type: Investigation Date: 2021-10-07 Author: Kelby Shelton, Splunk ID: fc5adc76-f3ab-4cb0-5f6f-63bc3493fd46

How To Implement

This is a playbook that is designed to be recommended within a workbook. If used in this manner, the playbook will assign the user that launched the playbook as the owner of the event, move the event status to "Open", and complete the workbook task where this playbook appears. If there is a task after the one where the playbook appears (within the same phase), it will set the next task to "In Progress."

Explore Playbook

Click the playbook screenshot to explore in more detail!

explore

Reference

source | version: 1