Supported Cortex XSOAR versions: 6.9.0 and later.
Protect your identity and access management:
Reset Password: Resets the user password to halt any unauthorized access.
Revoke Session: Terminates current active sessions to ensure the malicious actor is locked out.
Combo Action: Resets the password and terminates all active sessions.
Guard your applications:
- Password Regeneration: Generate a new password for the service principal, making sure the old one becomes obsolete.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
This playbook does not use any integrations.
|IAMRemediationType||The response playbook provides the following remediation actions using MSGraph Users:|
Reset: By entering "Reset" in the input, the playbook will execute password reset.
Revoke: By entering "Revoke" in the input, the playbook will revoke the user's session.
ALL: By entering "ALL" in the input, the playbook will execute the reset password and revoke session tasks.
|appID||This is the unique application (client) ID of the application.||Optional|
|objectID||This is the unique ID of the service principal object associated with the application.||Optional|
|userID||The user ID or user principal name.||Optional|
|identityType||The type of identity involved. Usually mapped to incident field named 'cloudidentitytype'.|
|MSGraphUser||The Microsoft Graph Users information.||unknown|
|MSGraphApplication||The Microsoft Graph Application information.||unknown|