Skip to main content

Digital Guardian Demo Playbook

This Playbook is part of the Digital Guardian Pack.#

This playbook will show how to handle an exfiltration event through Digital Guardian by emailing a user's manager and adding the user to a DG Watchlist.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Active Directory - Get User Manager Details
  • Account Enrichment - Generic v2.1


  • Builtin
  • Digital Guardian


This playbook does not use any scripts.


  • send-mail
  • digitalguardian-add-watchlist-entry
  • closeInvestigation

Playbook Inputs#

NameDescriptionDefault ValueSourceRequired
User NameUser Name to check${incident.digitalguardianusername}Required
Watchlist NameThe name of the DG watchlist to add the user to.DLP-USB-USERSRequired
Incident MatchThe incident name should contain this string in order for the playbook to handle the event. The default is DLP1008 which is a USB Exfiltration event.DLP1008Required
Notify ManagerNotify User's ManagertrueOptional

Playbook Outputs#

There are no outputs for this playbook.

Digital Guardian Logo