Supported Cortex XSOAR versions: 5.5.0 and later.
This playbook includes the following tasks:
- Containment of files, endpoints, users and IP addresses
- Enrichment of indicators
- Data acquisition of system info and files using Cortex XDR
- Eradicating compromised user credentials
**Note:** This is a beta playbook, which lets you implement and test pre-release software. Since the playbook is beta, it might contain bugs. Updates to the pack during the beta phase might include non-backward compatible features. We appreciate your feedback on the quality and usability of the pack to help us identify issues, fix them, and continually improve.
This playbook uses the following sub-playbooks, integrations, and scripts.
- Account Enrichment - Generic v2.1
- Cortex XDR - Isolate Endpoint
- Endpoint Enrichment - Generic v2.1
- Block IP - Generic v2
- Threat Hunting - Generic
| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| IsolateEndpointAutomatically | Whether to isolate the endpoint automatically | False | Optional |
| DisableAccountAutomatically | Whether to disable the account automatically | True | Optional |
| BlockIPAutomatically | Whether to block the IP address automatically | True | Optional |
| EnrichAutomatically | Whether to enrich indicators automatically | True | Optional |
There are no outputs for this playbook.