Supported Cortex XSOAR versions: 6.6.0 and later.
This playbook investigates a "User Permissions Changed" alert by gathering user and IP information, and performs remediation based on the information gathered and received from the user. To link this playbook to the relevant alerts automatically, we recommend using the following filters when configuring the playbook triggers: Alert Source = Correlation AND Alert Name = Gitlab - Guest user permission change
This playbook uses the following sub-playbooks, integrations, and scripts.
- Enrichment for Verdict
- Block IP - Generic v3
- Block Account - Generic v2
This playbook does not use any integrations.
This playbook does not use any scripts.
| Name | Description | Required |
| --- | --- | --- |
| InternalRange | List of internal IP ranges. | Optional |
| UserVerification | Whether to provide user verification for blocking those IPs.<br>False - No prompt will be displayed to the user.<br>True - The server will ask the user for blocking verification and will display the blocking list. | |
There are no outputs for this playbook.