Playbook: Risk Notable Preprocess

Description

"This playbook prepares a risk notable for investigation by performing the following tasks: 1. Ensures that a risk notable links back to the original notable event with a card pinned to the HUD. 2. Posts a link to this container in the comment field of Splunk ES. 3. Updates the container name, description, and severity to reflect the data in the notable artifact."

Type: Investigation Date: 2021-10-22 Author: Kelby Shelton, Splunk ID: 060edc96-ff2b-48b0-9f6f-13da3783fd63

Apps:

Associated Detections

How To Implement

For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack

Explore Playbook

Required fields

Reference

https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack

source | version: 1