Access Investigation - QRadar

Investigates an Access incident by gathering user and IP address information. The playbook then interacts with the user that triggered the incident to confirm whether or not they initiated the access action.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

  • Access Investigation - Generic
  • QRadar - Get offense correlations v2

Integrations#

  • Builtin

Scripts#

This playbook does not use any scripts.

Commands#

  • setIncident

Playbook Inputs#


There are no inputs for this playbook.

Playbook Outputs#


There are no outputs for this playbook.

Playbook Image#


Access_Investigation_QRadar