
Uptycs - Bad IP Incident

This Playbook is part of the Uptycs Pack.

Gets information about processes which open connections to known bad IP addresses.


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


This playbook does not use any integrations.


This playbook does not use any scripts.


  • uptycs-get-threat-source
  • uptycs-get-parent-information
  • uptycs-get-process-child-processes
  • uptycs-get-process-information
  • uptycs-get-alerts
  • uptycs-get-process-open-sockets
  • uptycs-get-threat-indicator

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| alert_id | The unique Uptycs ID for a particular alert. | ${incident.alertid} | Required |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| Uptycs.Proc.pid | The PID for the process. | number |
| Uptycs.Proc.upt_add_time | The time that the process was | |
| Uptycs.Proc.upt_remove_time | The time that the process was | |
| Uptycs.Parent.pid | The PID of the parent process. | number |
| Uptycs.Parent.upt_add_time | The time that the process was | |
| Uptycs.Parent.upt_remove_time | The time that the process was | |
| Uptycs.Sockets.local_address | The local IP address for the specified connection. | string |
| Uptycs.Sockets.local_port | The local port for the specified connection. | number |
| Uptycs.Sockets.remote_port | The remote port for the specified connection. | number |
| Uptycs.Children.pid | The PID of a child process. | number |
| Uptycs.Children.upt_add_time | The time that the process was | |
| Uptycs.Children.upt_remove_time | The time that the process was | |

Playbook Image