Skip to main content

Compromised Credentials Match - Flashpoint

This Playbook is part of the Flashpoint Pack.#

The Compromised Credentials Match playbook uses the details of the compromised credentials ingested from Flashpoint Ignite and authenticates using the Active Directory integration by providing the compromised credentials of the user. It then expires the credentials if it matches, and sends an email alert about the breach.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

  • Active Directory Query v2
  • OpenLDAP

Commands#

  • ad-authenticate
  • ad-expire-password
  • send-mail

Playbook Inputs#


NameDescriptionDefault ValueRequired
usernameThe username of the compromised credentials account.incident.flashpointsourceemailRequired
passwordThe password of the compromised credentials account.incident.flashpointpasswordRequired
sendEmailAsWarningBoolean input whether to send email or not.TrueOptional

Playbook Outputs#


There are no outputs for this playbook.

Playbook Image#


Compromised Credentials Match - Flashpoint