Skip to main content

Gitlab - Guest user permission change

This Playbook is part of the GitLab Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.6.0 and later.

This playbook investigates a "User Permissions Changed” alert by gathering user and IP information and performs remediation based on the information gathered and received from the user. To link this playbook to the relevant alerts automatically, we recommend using the following filters when configuring the playbook triggers: Alert Source = Correlation AND Alert Name = Gitlab - Permission change from guest to owner

Used Sub-playbooks:

  • Enrichment for Verdict
  • Block IP - Generic v3
  • Block Account - Generic v2


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Block IP - Generic v3
  • Enrichment for Verdict
  • Block Account - Generic v2


This playbook does not use any integrations.


This playbook does not use any scripts.


  • closeInvestigation
  • setAlert

Playbook Inputs#

NameDescriptionDefault ValueRequired
InternalRangeList of Internal IP rangeslists.PrivateIPsOptional
UserVerificationWhether to provide user verification for blocking those IPs.
False - No prompt will be displayed to the user.
True - The server will ask the user for blocking verification and will display the blocking list.

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Gitlab - Guest user permission change