
Code42 Exfiltration Playbook

This playbook is part of the Code42 Pack.

The Code42 Exfiltration playbook acts on Code42 Security Alerts, retrieves file event data, and allows security teams to remediate file exfiltration events by revoking access rights to cloud files or containing endpoints.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Active Directory - Get User Manager Details
  • Code42 File Download

Integrations

  • jira-v2
  • CrowdstrikeFalcon
  • Code42

Scripts

This playbook does not use any scripts.

Commands

  • code42-alert-resolve
  • cs-falcon-search-device
  • cs-falcon-contain-host
  • closeInvestigation
  • jira-create-issue
  • send-mail

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| JiraProject | Jira Project for created incident ticket | Security | Optional |
| JiraType | Type of Jira ticket to create | Investigation | Optional |
| JiraSummary | Summary to use with Jira ticket creation | Code42 Security Alert for Demisto Incident ${incident.id} | Optional |
| ContainHostsMax | Maximum number of network hosts to contain. | 2 | Optional |
| DemistoInstanceURL | URL of Demisto instance for emails. | https://example.com/ | Optional |

Playbook Outputs


There are no outputs for this playbook.

Playbook Image

[Image: Code42 Exfiltration Playbook]