Skip to main content

Default Playbook

Default Playbook 1.0.2 356353

Got a unique incident? This Content Pack helps you automate the core steps of enrichment and severity calculation for any kind of incident.

Sometimes you may have an incident, or just some data at hand, that does not fall into any specific category. When you simply create an incident from scratch or just want to get more information about an indicator without performing a full investigation, we recommend using our Default playbook.

This pack provides you with the Default playbook which automates the much-needed core steps of enrichment and severity calculation for any kind of incident.

What does this pack do?

Extracts indicators from any data within the incident.
Enriches all indicators involved in the incident.
Calculates severity for the incident, taking into account the initial incident severity, indicator reputation and any critical assets found as indicators

The playbook found in this pack provides a great out-of-the-box solution, yet it can be customized should you want to add additional logic to the default behavior.

For more information, visit our Cortex XSOAR Developer Docs

Default

PUBLISHER

Cortex XSOAR

INFO

CertificationRead more
Supported ByCortex XSOAR
CreatedNovember 9, 2020
Last ReleaseNovember 9, 2020
Default

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.