Calculates and assigns the incident severity based on the highest returned severity level from the following severity calculations:
- Indicators DBotScore - Calculates the incident severity level according to the highest indicator DBotScore.
- Critical assets - Determines if a critical asset is associated with the investigation.
- 3rd-party integrations - Calculates the incident severity level according to the methodology of a 3rd-party integration.
NOTE: The new severity level overwrites the previous severity level, even if the previous severity level was more severe.
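The following Python sketch is an added illustration, not the playbook's own code: it takes the highest of the three calculations and flags the case described in the note, where the assigned value is lower than the previous one. The 0-4 severity scale, every mapping table and the `critical_names` list are assumptions made for the example.

```python
# Added illustration. The scale and mapping tables are assumptions, not the playbook's values.
SEVERITY_NAMES = {0: "Unknown", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}
DBOT_TO_SEVERITY = {0: 0, 1: 1, 2: 2, 3: 3}                        # assumed
QUALYS_TO_SEVERITY = {1: 1, 2: 1, 3: 2, 4: 3, 5: 4}                # assumed
NEXPOSE_TO_SEVERITY = {"moderate": 2, "severe": 3, "critical": 4}  # assumed
CRITICAL_ASSET_SEVERITY = 4                                        # assumed


def dbot_severity(dbot_scores):
    """Severity from the highest DBotScore among the incident's indicators."""
    scores = [int(entry.get("Score", 0)) for entry in dbot_scores]
    return DBOT_TO_SEVERITY.get(max(scores, default=0), 0)


def third_party_severity(qualys=None, nexpose=None):
    """Highest severity reported by the optional Qualys / Nexpose inputs."""
    q = QUALYS_TO_SEVERITY.get(int(qualys), 0) if qualys is not None else 0
    n = NEXPOSE_TO_SEVERITY.get(str(nexpose or "").strip().lower(), 0)
    return max(q, n)


def critical_asset_severity(endpoints, accounts, critical_names):
    """Critical if any endpoint or account is on the (hypothetical) critical list."""
    seen = {name.lower() for name in list(endpoints) + list(accounts)}
    wanted = {name.lower() for name in critical_names}
    return CRITICAL_ASSET_SEVERITY if seen & wanted else 0


def calculate_severity(previous, dbot_scores=(), endpoints=(), accounts=(),
                       qualys=None, nexpose=None, critical_names=()):
    """Take the highest of the three results and report a silent downgrade."""
    new = max(
        dbot_severity(dbot_scores),
        third_party_severity(qualys, nexpose),
        critical_asset_severity(endpoints, accounts, critical_names),
    )
    # The playbook assigns `new` unconditionally; flag when that lowers severity.
    return {"severity": new, "name": SEVERITY_NAMES[new], "downgraded": new < previous}


# Constructed sample: an analyst had set Critical (4); the inputs only support Medium.
SAMPLE = calculate_severity(
    previous=4,
    dbot_scores=[{"Indicator": "198.51.100.7", "Score": 2},
                 {"Indicator": "example.test", "Score": 1}],
    endpoints=["ws-0142"], accounts=["jdoe"],
    qualys=3, critical_names=["dc-01", "svc-backup"],
)
```

A `downgraded` result is the situation to review before running the playbook on an incident whose severity was already raised manually.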
This playbook uses the following sub-playbooks, integrations, and scripts.
- Calculate Severity - DBotScore
- Calculate Severity - 3rd-party integrations
- Calculate Severity - Critical assets
This playbook does not use any scripts.
| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| QualysSeverity | The Qualys vulnerability severity score (1-5). | Severity | Qualys | Optional |
| DBotScore | The array of all indicators associated with the incident. | None | DBotScore | Optional |
| Endpoint | The endpoint to check against the critical lists. | None | Endpoint | Optional |
| Account | The user account to check against the critical lists. | None | Account | Optional |
| NexposeSeverity | The Nexpose vulnerability severity score. Can be "Moderate", "Severe", or "Critical". | Asset.Vulnerability.Severity | Nexpose | Optional |
There are no outputs for this playbook.