DTM Alert Incident Response - Google Threat Intelligence
This Playbook is part of the GoogleThreatIntelligence Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.10.0 and later.
This playbook initiates the response for DTM Alerts in XSOAR when an incident is investigated. For medium or higher severity, it creates a ServiceNow ticket using the "ServiceNow v2" integration; otherwise, the incident is assigned to an analyst. The ticket is enriched with GTI DTM Alert details, including alert type, status, monitor information, summary, AI Doc summary, and tags.
Dependencies#
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks#
- Create ServiceNow Ticket
Integrations#
This playbook does not use any integrations.
Scripts#
- AssignAnalystToIncident
- DeleteContext
- SetAndHandleEmpty
Commands#
- servicenow-update-ticket
Playbook Inputs#
| Name | Description | Default Value | Required |
|---|---|---|---|
| alert_id | Collection DTM Alert ID from incident. | incident.alertid | Optional |
| incident_severity | Collect incident severity from incident. | incident.severity | Optional |
| onCall | Set to true to assign only the user that is currently on shift. Default is False. | false | Optional |
| severity_mapping | Set the alert severity mapping as per GTI platform. | incident.severity | Optional |
Playbook Outputs#
There are no outputs for this playbook.
Playbook Image#
