Skip to main content

Access Investigation - QRadar

This Playbook is part of the IBM QRadar Pack.#

Deprecated

No available replacement.

Investigates an Access incident by gathering user and IP address information. The playbook then interacts with the user that triggered the incident to confirm whether or not they initiated the access action.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

  • Access Investigation - Generic
  • QRadar - Get offense correlations v2

Integrations#

  • Builtin

Scripts#

This playbook does not use any scripts.

Commands#

  • setIncident

Playbook Inputs#

There are no inputs for this playbook.

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Access_Investigation_QRadar

Edit this page
Report an Issue