Playbook: Risk Notable Review Indicators

Description

This playbook was designed to be called by a user to process indicators that are marked as suspicious within the SOAR platform. Analysts will review indicators in a prompt and mark them as blocked or safe.

Type: Response Date: 2021-10-22 Author: Kelby Shelton, Splunk ID: 080edc96-ff2b-48b0-9f6f-73da3783fd63

Apps:

Associated Detections

How To Implement

For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack

Explore Playbook

Required fields

Reference

https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack#Indicator_tagging_system

source | version: 1