Supported Cortex XSOAR versions: 6.0.0 and later.
This is a generic playbook to be executed for the Splunk Notable Generic incident type. The playbook performs all the common parts of the investigation, including notifying the SOC, enriching the data for indicators and users, calculating the severity, assigning the incident, notifying the SIEM admin for false positives and more.
This playbook uses the following sub-playbooks, integrations, and scripts.
- Entity Enrichment - Generic v2
- Calculate Severity - Standard
This playbook does not use any integrations.
The playbook accepts the following inputs.

| **Name** | **Description** | **Default Value** | **Required** |
| --- | --- | --- | --- |
| Enrich | Determines whether to enrich all indicators in the incident. Default is True. | true | Optional |
| OnCall | Set to true to assign only the user that is currently on shift. Default is False. Requires Cortex XSOAR v5.5 or later. | false | Optional |
| SocEmailAddress | The SOC team's email address. | | Optional |
| SocMailSubject | The subject of the email to send to the SOC. | XSOAR Summary report, ID - | Optional |
| SiemAdminEmailAddress | The SIEM admin's email address. | | Optional |
| UseCalculateSeverity | Determines whether to use the Calculate Severity playbook to calculate the incident severity. Default is True. If the playbook isn't used, the severity is determined by the Splunk severity value. | true | Optional |
| SiemAdminMailSubject | The subject of the email to send to the SIEM admin. | Adjustment/Exclusion for notable | Optional |
There are no outputs for this playbook.