Active Directory Disable Account Dispatch
Description
Automatically dispatches input playbooks with the 'disable_account' tag. This will produce a merge report and indicator tag for each inputs.
- Type: Investigation
- Product: Splunk SOAR
- Apps: AD LDAP, Azure AD Graph
- Last Updated: 2023-05-23
- Author: Teoderick Contreras, Splunk
- ID: 86320591-1bbd-41ab-8990-602a3968fd99
- Use-cases:
- Phishing
- Endpoint
Associated Detections
How To Implement
This automatic playbook requires "disable_account" tag be present on each input playbook you want to launch.
D3FEND
ID | Technique | Definition | Category |
---|---|---|---|
D3-AL | Account Locking | The process of temporarily disabling user accounts on a system or domain. | Credential Eviction |
Explore Playbook
Required field
Reference
source | version: 1