Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook displays risky users and risky hosts, as detected by Cortex XDR's ITDR module. The data is displayed in incident fields in XDR incidents.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
This playbook does not use any integrations.
| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| XDRRiskyUsers | A list of risky usernames, their scores, risk levels, and the reasons for the risk, as outputted from the "xdr-list-risky-users" command. | PaloAltoNetworksXDR.RiskyUser | Optional |
| XDRRiskyHosts | A list of risky hosts, their scores, risk levels, and the reasons for the risk, as outputted from the "xdr-list-risky-hosts" command. | PaloAltoNetworksXDR.RiskyHost | Optional |
There are no outputs for this playbook.