Use this playbook to investigate and remediate suspicious IOC domain matches with recent activity found in the enterprise. This playbook also creates indicators for the entities fetched, as well as investigating and enriching them. Supported Integrations:
This playbook uses the following sub-playbooks, integrations, and scripts.
- Domain Enrichment - Generic v2
- Endpoint Enrichment - Generic v2.1
- Block URL - Generic
- URL Enrichment - Generic v2
- IP Enrichment - Generic v2
- PAN-OS - Block Domain - External Dynamic List
|auto_block_entities||Autoblock the detected suspicious Domain(s) and URL(s). You can set this as 'Yes' or 'No' manually here or you can set it into a custom incident field 'Chronicle Auto Block Entities' using mapping classification from integration configuration.||incident.chronicleautoblockentities||Optional|
There are no outputs for this playbook.