Playbook: Risk Notable Review Indicators

Description

This playbook was designed to be called by a user to process indicators that are marked as suspicious within the SOAR platform. Analysts will review indicators in a prompt and mark them as blocked or safe.

Type: Response Date: 2021-10-22 Author: Kelby Shelton, Splunk ID: 080edc96-ff2b-48b0-9f6f-73da3783fd63

How To Implement

For detailed implementation see https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar

Explore Playbook

Click the playbook screenshot to explore in more detail!

Reference

https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/use-the-tagging-system-with-the-playbook-pack-for-splunk-soar

source | version: 1