Code42 Exfiltration Playbook

The Code42 Exfiltration playbook acts on Code42 Security Alerts, retrieves file event data, and allows security teams to remediate file exfiltration events by revoking access rights to cloud files or containing endpoints.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Active Directory - Get User Manager Details

Integrations

  • jira-v2
  • CrowdstrikeFalcon

Scripts

This playbook does not use any scripts.

Commands

  • send-mail
  • closeInvestigation
  • jira-create-issue
  • cs-falcon-search-device
  • code42-alert-resolve
  • cs-falcon-contain-host

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| JiraProject | Jira Project for created incident ticket | Security | Optional |
| JiraType | Type of Jira ticket to create | Investigation | Optional |
| JiraSummary | Summary to use with Jira ticket creation | Code42 Security Alert for Cortex XSOAR Incident ${incident.id} | Optional |
| ContainHostsMax | Maximum number of network hosts to contain. | 2 | Optional |
| DemistoInstanceURL | URL of Demisto instance for emails. | https://example.com/ | Optional |

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

[Image: Code42 Exfiltration Playbook]