Code42 Exfiltration Playbook

The Code42 Exfiltration playbook acts on Code42 Security Alerts, retrieves file event data, and allows security teams to remediate file exfiltration events by revoking access rights to cloud files or containing endpoints.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

Active Directory - Get User Manager Details

Integrations

jira-v2
CrowdstrikeFalcon

Scripts

This playbook does not use any scripts.

Commands

send-mail
closeInvestigation
jira-create-issue
cs-falcon-search-device
code42-alert-resolve
cs-falcon-contain-host

Playbook Inputs

Name	Description	Default Value	Required
JiraProject	Jira Project for created incident ticket	Security	Optional
JiraType	Type of Jira ticket to create	Investigation	Optional
JiraSummary	Summary to use with Jira ticket creation	Code42 Security Alert for Demisto Incident ${incident.id}	Optional
ContainHostsMax	Maximum number of network hosts to contain.	2	Optional
DemistoInstanceURL	URL of Demisto instance for emails.	https://example.com/	Optional

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

Code42 Exfiltration Playbook

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

Code42 Exfiltration Playbook

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

Dependencies#

Sub-playbooks#

Integrations#

Scripts#

Commands#

Playbook Inputs#

Playbook Outputs#

Playbook Image#

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image