Windows Defender ATP Identifier Activity Analysis

Description

Accepts a file_hash or domain name, and asks Windows Defender ATP for a list of devices that have interacted with each. It then produces a normalized output and summary table.

Type: Investigation
Product: Splunk SOAR
Apps: Windows Defender ATP
Last Updated: 2023-03-30
Author: Lou Stella, Splunk
ID: 5299d9dc-e9c4-46fa-da42-92ace0ff816d

Associated Detections

How To Implement

This input playbook requires the Windows Defender ATP connector to be configured. It is designed to work in conjunction with the Dynamic Identifier Activity Analysis playbook or other playbooks in the same style.

Windows Defender ATP Identifier Activity Analysis

Description

Associated Detections

How To Implement

Explore Playbook

Required field

Reference

You May Also Enjoy

Windows MOVEit Transfer Writing ASPX

Windows Proxy Via Netsh

Windows Ldifde Directory Object Behavior

Windows Proxy Via Registry