Supported Cortex XSOAR versions: 6.6.0 and later.
This playbook handles all the eradication actions available with Cortex XSIAM, including the following tasks:
- Reset user password
- Delete file
- Kill process (currently, the playbook supports terminating a process by name)
Note: The playbook inputs enable manipulating the execution flow; read the input descriptions for details.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
This playbook does not use any integrations.
| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| AutoEradicate | Set to True to execute the eradication playbook automatically. | True | Optional |
| EndpointID | The endpoint ID. | alert.agentid | Optional |
| FilePath | The file path for the file deletion task. | foundIncidents.CustomFields.initiatorpath | Optional |
| Username | The username to reset the password for. | foundIncidents.CustomFields.username | Optional |
| FileRemediation | Choose 'Quarantine' or 'Delete' to avoid file remediation conflicts. For example, choosing 'Delete' ignores the 'Quarantine file' task under the containment playbook and executes only file deletion. | | |
There are no outputs for this playbook.