Skip to main content

Active Directory Investigation

This Playbook is part of the Active Directory Query Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Active Directory Investigation playbook provides tools and guidance to investigate changes and manipulation in Active Directory containers, ACLs, Schema, and objects. This playbook uses a 3rd party tool provided by Microsoft to scan the Active Directory access list, trees, and objects. Additional investigative information is provided for manual investigation.


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • Active_Directory_Query


This playbook does not use any scripts.


  • ad-disable-account
  • setIncident

Playbook Inputs#

There are no inputs for this playbook.

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Active Directory Investigation