Druva-Ransomware-Response

This playbook is part of the Druva Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Automate response actions, such as quarantining affected resources or snapshots, to stop the spread of ransomware and avoid reinfection or the spread of contamination.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • Druva Ransomware Response

Scripts

  • IsIntegrationAvailable

Commands

  • druva-view-quarantine-range
  • druva-quarantine-resource
  • druva-endpoint-search-file-hash
  • druva-find-device

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| OccuredTime | Date when the incident occurred. This field is used as the start date for the Druva snapshot quarantine. Format: YYYY-MM-DD | incident.datetimeofthebreach | Required |
| ComputerName | Computer name used to search Druva for the resourceID. | incident.hostname | Required |
| SHA1 | File hash of the detected ransomware. | File.SHA1 | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| Druva.viewedQuarantineRange | Druva Range Output | unknown |
