Try in Splunk SOAR


Detects available indicators and routes them to related identifier activity analysis playbooks. The output of the analysis will update any artifacts, tasks, and indicator tags.

  • Type: Investigation
  • Product: Splunk SOAR
  • Apps:
  • Last Updated: 2023-02-28
  • Author: Lou Stella, Splunk
  • ID: fc0edc96-ab1f-48b9-1b4d-63da52dbfa74
  • Use-cases:
    • Enrichment

Associated Detections

How To Implement

This playbook looks for artifacts and then dispatches the community Related Tickets playbooks. This playbook takes the output of those playbooks and nicely formats them into notes and tags indicators with their results.


ID Technique Definition Category
D3-IAA Identifier Activity Analysis Taking known malicious identifiers and determining if they are present in a system. Identifier Analysis

Explore Playbook


Required field


source | version: 1