Failed Login Playbook - Slack v2
#
This Playbook is part of the Deprecated Content (Deprecated) Pack.Deprecated
Deprecated. When there are three failed login attempts to Cortex XSOAR that originate from the same user ID, a direct message is sent to the user on Slack requesting that they confirm the activity. If the reply is "no", then the incident severity is set to "high". If the reply is "yes", then another direct message is sent to the user asking if they require a password reset in AD.
#
DependenciesThis playbook uses the following sub-playbooks, integrations, and scripts.
#
Sub-playbooksThis playbook does not use any sub-playbooks.
#
Integrations- Builtin
#
Scripts- SlackAsk
#
Commands- ad-expire-password
- closeInvestigation
- send-notification
- setIncident
#
Playbook InputsThere are no inputs for this playbook.
#
Playbook OutputsThere are no outputs for this playbook.