Playbook: ActiveDirectory Reset password

Description

This playbook resets the password of a potentially compromised user account. First, an analyst is prompted to evaluate the situation and choose whether to reset the account. If they approve, a strong password is generated and the password is reset.

Apps:

Associated Detections

How To Implement

This playbook works on artifacts with artifact:*.cef.compromisedUserName, which can be created as shown in the playbook "recorded_future_handle_leaked_credentials".

The prompt is hard-coded to use "admin" as the user, so change it to the correct user or role.
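The flow described above (collect cef.compromisedUserName, gate on the analyst's decision, generate a strong password) is sketched below as an added example; it is not the playbook's own code and makes no SOAR or Active Directory API calls. The function names, the symbol set and the 24-character length are assumptions, and the artifacts are constructed sample data.

```python
import secrets
import string

# Character classes commonly required by password complexity policies (assumed set).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*()-_=+")

def generate_password(length=24):
    """Return a random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    chars = [secrets.choice(c) for c in CLASSES]
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # hide which positions were forced
    return "".join(chars)

def compromised_users(artifacts):
    """Collect unique, non-empty cef.compromisedUserName values, in order."""
    seen, users = set(), []
    for art in artifacts:
        name = (art.get("cef") or {}).get("compromisedUserName")
        name = name.strip() if isinstance(name, str) else ""
        # Account names are compared case-insensitively to avoid double resets.
        if name and name.lower() not in seen:
            seen.add(name.lower())
            users.append(name)
    return users

def plan_resets(artifacts, analyst_approved):
    """Return {username: new_password}; empty unless the analyst approved."""
    if not analyst_approved:
        return {}
    return {user: generate_password() for user in compromised_users(artifacts)}

# Constructed sample artifacts (not real data).
SAMPLE_ARTIFACTS = [
    {"name": "leak 1", "cef": {"compromisedUserName": "jdoe"}},
    {"name": "leak 2", "cef": {"compromisedUserName": "JDoe "}},
    {"name": "no user", "cef": {"sourceAddress": "192.0.2.10"}},
    {"name": "leak 3", "cef": {"compromisedUserName": "asmith"}},
]

if __name__ == "__main__":
    for user in plan_resets(SAMPLE_ARTIFACTS, analyst_approved=True):
        print("would reset password for", user)  # never log the password itself
```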

Required fields

Reference

source | version: 1