Playbook: Automated Enrichment

Description

Moves the event status to open and then launches the Dispatch playbooks for Reputation Analysis, Attribute Lookup, and Related Tickets.

Type: Investigation Date: 2023-03-06 Author: Kelby Shelton, Patrick Bareiss, Teoderick Contreras, Lou Stella Splunk ID: fc0edc96-ff1b-65e0-9a4d-64da6783fd64

Apps:

Associated Detections

How To Implement

  1. Ensure you have a reputation analysis playbook (e.g. VirusTotal v3), an attribute lookup playbook (e.g. Azure AD), and a related ticket search playbook (e.g. ServiceNow).\n2. Download local versions of Identifier Reputation Analysis Dispatch, Attribute Lookup Dispatch, and Related Tickets Search Dispatch playbooks.

Explore Playbook

explore

Required fields

Reference

source | version: 2