Supported Cortex XSOAR versions: 6.6.0 and later.
This playbook takes as input all of the involved IP addresses and identities from the Impossible Traveler playbook alert and enriches them based on the following:
- Geo location
- Active Directory
- IP enrichment (e.g., VirusTotal, AbuseIPDB)
This playbook uses the following sub-playbooks, integrations, and scripts.
- Account Enrichment - Generic v2.1
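| Name | Description | Required |
| --- | --- | --- |
| sourceip | The source IP to iterate over. | Optional |
| username | The username to iterate over. | Optional |
| domain | The organization domain. | Optional |

| Path | Description | Type |
| --- | --- | --- |
| ActiveDirectory.Users.manager | The manager of the user. | unknown |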