# Eradication Plan

This Playbook is part of the Common Playbooks Pack.

## Supported versions

Supported Cortex XSOAR versions: 6.6.0 and later.
This playbook handles all the eradication actions available with Cortex XSIAM, including the following tasks:
- Reset user password
- Delete file
- Kill process (currently, the playbook supports terminating a process by name)
Note: The playbook inputs enable manipulating the execution flow; read the input descriptions for details.
## Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

### Sub-playbooks

This playbook does not use any sub-playbooks.

### Integrations

This playbook does not use any integrations.

### Scripts

- Set
- IsIntegrationAvailable

### Commands

- ad-expire-password
- core-run-script-delete-file
- core-run-script-kill-process
## Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| AutoEradicate | Set to True to execute the eradication playbook automatically. | True | Optional |
| EndpointID | The endpoint ID. | alert.agentid | Optional |
| FilePath | The file path for the file deletion task. | foundIncidents.CustomFields.initiatorpath | Optional |
| Username | The username to reset the password for. | foundIncidents.CustomFields.username | Optional |
| FileRemediation | Choose 'Quarantine' or 'Delete' to avoid file remediation conflicts. For example, choosing 'Delete' ignores the 'Quarantine file' task under the containment playbook and executes only file deletion. | Delete | Optional |

## Playbook Outputs

There are no outputs for this playbook.
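The following is an added illustration of how the inputs above steer the flow; it is not the playbook's own YAML or any Cortex XSOAR code. It resolves the documented default context paths from a constructed context and returns the commands the described flow would issue. The command argument names, the kill-before-delete ordering, deriving the process name from the file path, and the `ad_available` gate standing in for the IsIntegrationAvailable check are all assumptions.

```python
# Added illustration, not the playbook's own logic. Context paths come from the
# inputs table; command argument names and task ordering are assumed.
from typing import Any

# Constructed sample context: one alert plus one found incident.
SAMPLE_CONTEXT = {
    "alert": {"agentid": "ep-0001"},
    "foundIncidents": {
        "CustomFields": {
            "initiatorpath": r"C:\Users\bob\AppData\Local\Temp\dropper.exe",
            "username": "bob",
        }
    },
}


def resolve(context: dict, path: str) -> Any:
    """Walk a dotted context path such as 'alert.agentid'; None if absent."""
    node: Any = context
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def plan_eradication(context: dict, auto_eradicate: bool = True,
                     file_remediation: str = "Delete",
                     ad_available: bool = True) -> list[dict]:
    """Return the command calls the documented flow would issue, in order."""
    if not auto_eradicate:
        return []  # AutoEradicate=False: nothing runs automatically
    if file_remediation not in ("Quarantine", "Delete"):
        raise ValueError(f"unknown FileRemediation value: {file_remediation!r}")
    endpoint = resolve(context, "alert.agentid")
    file_path = resolve(context, "foundIncidents.CustomFields.initiatorpath")
    username = resolve(context, "foundIncidents.CustomFields.username")
    plan: list[dict] = []
    # Password reset only when the AD integration is available and a username exists.
    if ad_available and username:
        plan.append({"command": "ad-expire-password", "username": username})
    if endpoint and file_path:
        # Assumed: kill first, since a running process can lock its image file.
        name = file_path.replace("\\", "/").rsplit("/", 1)[-1]
        plan.append({"command": "core-run-script-kill-process",
                     "endpoint_ids": endpoint, "process_name": name})
        # 'Delete' means the containment playbook's quarantine task is skipped;
        # 'Quarantine' leaves the file to that task and issues no deletion here.
        if file_remediation == "Delete":
            plan.append({"command": "core-run-script-delete-file",
                         "endpoint_ids": endpoint, "file_path": file_path})
    return plan
```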