This Playbook is part of the Common Playbooks Pack.
Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook searches for failed logons for a specific user by querying logs from different sources.
Supported Integrations: Splunk, QRadar, Azure Log Analytics.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
This playbook does not use any integrations.
|Splunk's index name in which to search. Default is "*" - All.
|The earliest time for the Splunk search query.
|The latest time for the Splunk search query.
|The search time for the QRadar search query. For example: Last 1 days
|Last 1 days
|The search time for the Azure Log Analytics search query. For example: ago(1d)
|Number of failed logins from the SIEM.
|The result of the QRadar search.
|The results of the Splunk search. The results are a JSON array, in which each item is a Splunk event.
|The result of the Azure Log Analytics search.