forked from splunk/security_content
Automated_Enrichment.yml
name: Automated Enrichment
id: fc0edc96-ff1b-65e0-9a4d-64da6783fd64
version: 2
date: '2023-03-06'
author: Kelby Shelton, Patrick Bareiss, Teoderick Contreras, Lou Stella, Splunk
type: Investigation
description: "Moves the event status to open and then launches the Dispatch playbooks for Reputation Analysis, Attribute Lookup, and Related Tickets."
playbook: Automated_Enrichment
how_to_implement: |
  1. Ensure you have a reputation analysis playbook (e.g. VirusTotal v3), an attribute lookup playbook (e.g. Azure AD), and a related ticket search playbook (e.g. ServiceNow).
  2. Download local versions of Identifier Reputation Analysis Dispatch, Attribute Lookup Dispatch, and Related Tickets Search Dispatch playbooks.
references: []
app_list: []
tags:
  platform_tags:
  - Enrichment
  playbook_type: Automation
  vpe_type: Modern
  playbook_fields: []
  product:
  - Splunk SOAR