Description

Automatically dispatches input playbooks with the 'disable_account' tag. This will produce a merge report and indicator tag for each input.

  • Type: Investigation
  • Product: Splunk SOAR
  • Apps: AD LDAP, Azure AD Graph
  • Last Updated: 2023-05-23
  • Author: Teoderick Contreras, Splunk
  • ID: 86320591-1bbd-41ab-8990-602a3968fd99
  • Use-cases:
    • Phishing
    • Endpoint

Associated Detections

How To Implement

This automatic playbook requires the "disable_account" tag to be present on each input playbook you want to launch.

D3FEND

  • ID: D3-AL
  • Technique: Account Locking
  • Definition: The process of temporarily disabling user accounts on a system or domain.
  • Category: Credential Eviction

Explore Playbook

Required field

Reference

source | version: 1