Handle Darktrace Model Breach
Darktrace Pack.#
This Playbook is part of theSupported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
Handles each fetched Darktrace model breach by gathering additional detail about the activity and device, providing enrichment data from Darktrace and XSOAR, linking similar incidents, and giving the ability to acknowledge the model breach and close the incident.
#
DependenciesThis playbook uses the following sub-playbooks, integrations, and scripts.
#
Sub-playbooks- Entity Enrichment - Generic v3
#
Integrations- Darktrace
#
Scripts- FindSimilarIncidents
- IsIntegrationAvailable
#
Commands- darktrace-get-breach
- linkIncidents
- darktrace-acknowledge
- closeInvestigation
- darktrace-list-similar-devices
- darktrace-get-device-identity-info
#
Playbook InputsThere are no inputs for this playbook.
#
Playbook OutputsThere are no outputs for this playbook.