Supported Cortex XSOAR versions: 6.6.0 and later.
This playbook takes as input all of the involved IP addresses and identities from the Impossible Traveler playbook alert and enriches them based on the following:
- Geo location
- Active Directory
- Verdict enrichment, e.g. VirusTotal, AbuseIPDB
This playbook uses the following sub-playbooks, integrations, and scripts.
- Active Directory - Get User Manager Details
| Name | Description | Required |
| --- | --- | --- |
| sourceip | The source IP to iterate over | Optional |
There are no outputs for this playbook.