forked from splunk/security_content
29 lines (29 loc) · 864 Bytes
AD_LDAP_Account_Locking.yml
name: AD LDAP Account Locking
id: e6f96caf-610c-4ced-aa2c-ba9b19b89e1f
version: 1
date: '2023-05-08'
author: Teoderick Contreras, Splunk
type: Investigation
description: "Accepts user, to be disabled using Microsoft AD LDAP connector. This playbook produces a normalized observables output for each user and device."
playbook: AD_LDAP_Account_Locking
how_to_implement: This input playbook requires the Microsoft AD LDAP connector to be configured.
  It is designed to work in conjunction with the Dynamic Attribute Lookup playbook or other playbooks in the same style.
references: []
app_list:
- AD LDAP
tags:
  platform_tags:
  - user
  - microsoft_ad_ldap
  - D3-AL
  - disable_account
  playbook_type: Input
  vpe_type: Modern
  playbook_fields: []
  product:
  - Splunk SOAR
  use_cases:
  - Phishing
  - Endpoint
  defend_technique_id:
  - D3-AL