Code42 Exfiltration Playbook

The Code42 Exfiltration playbook acts on Code42 Security Alerts, retrieves file event data, and allows security teams to remediate file exfiltration events by revoking access rights to cloud files or containing endpoints.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

Active Directory - Get User Manager Details

Integrations#

jira-v2
CrowdstrikeFalcon

Scripts#

This playbook does not use any scripts.

Commands#

send-mail
closeInvestigation
jira-create-issue
cs-falcon-search-device
code42-alert-resolve
cs-falcon-contain-host

Playbook Inputs#

Name	Description	Default Value	Required
JiraProject	Jira Project for created incident ticket	Security	Optional
JiraType	Type of Jira ticket to create	Investigation	Optional
JiraSummary	Summary to use with Jira ticket creation	Code42 Security Alert for Demisto Incident ${incident.id}	Optional
ContainHostsMax	Maximum number of network hosts to contain.	2	Optional
DemistoInstanceURL	URL of Demisto instance for emails.	https://example.com/	Optional

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Code42 Exfiltration Playbook

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

Code42 Exfiltration Playbook

Dependencies#

Sub-playbooks#

Integrations#

Scripts#

Commands#

Playbook Inputs#

Playbook Outputs#

Playbook Image#