
Druva-Ransomware-Response

This Playbook is part of the Druva Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Use Druva-Ransomware-Response to stop the spread of ransomware and to avoid reinfection or further contamination.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • Druva Ransomware Response

Scripts

  • IsIntegrationAvailable

Commands

  • druva-find-sharePointSites
  • druva-find-userDevice
  • druva-quarantine-resource
  • druva-find-sharedDrives
  • druva-find-user
  • druva-find-device

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| UserName | UserName is used to search for the userID of the user | ${incident.users} | Optional |
| ResourceName | ResourceName is used to search for resources of type FS, NAS and VMware | ${incident.hostnames} | Optional |
| SiteURL | SiteURL is used to search for shared drive and SharePoint resources | ${incident.urls} | Optional |
| DateOfOccurrence | Date is used to quarantine the device | incident.occurred | Optional |

Playbook Outputs


There are no outputs for this playbook.

Playbook Image


Druva-Ransomware-Response