Risk Notable Preprocess

Description

"This playbook prepares a risk notable for investigation by performing the following tasks: 1. Ensures that a risk notable links back to the original notable event with a card pinned to the HUD. 2. Posts a link to this container in the comment field of Splunk ES. 3. Updates the container name, description, and severity to reflect the data in the notable artifact."

Type: Investigation
Product: Splunk SOAR
Apps: Splunk
Last Updated: 2021-10-22
Author: Kelby Shelton, Splunk
ID: 060edc96-ff2b-48b0-9f6f-13da3783fd63
Use-cases:

Associated Detections

How To Implement

For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack

Explore Playbook

Required field

event_id
info_min_time
info_max_time

Reference

https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack

source | version: 1

Twitter Facebook LinkedIn

Risk Notable Preprocess

Description

Associated Detections

How To Implement

Explore Playbook

Required field

Reference

You May Also Enjoy

O365 New Forwarding Mailflow Rule Created

Okta Successful Single Factor Authentication

Windows Unsigned MS DLL Side-Loading

Windows Rename System Utilities Agentexecutor exe LOLBAS in Non Standard Path