
Lost / Stolen Device

Looking to reduce the multiple triage, response and mitigation steps involved in handling lost/stolen devices? We’ve got just the Content Pack for you!

Lost or stolen devices may contain sensitive corporate information that can be exposed and lead to further malicious activity against your organization. Handling such an alert or incident requires multiple triage, response and mitigation steps involving different teams, third-party service providers and security/IT products.
With this content pack, you can significantly reduce the time your security analysts spend on lost or stolen device alerts and standardize the way you manage lost or stolen device incidents.

What does this pack do?

The playbooks included in this pack guide you manually through the tasks necessary to remediate a lost or stolen device:

  • Enrich device, owner and involved personal information, and report the device to the authorities.
  • Determine if device lockdown is possible and, if the device is a mobile phone, contact the mobile service provider.
  • Change or revoke any personal information relevant to the device: bank accounts, AD account, passwords, VPN credentials, etc.
  • Determine if remote wiping is supported by the device; if so, follow the business logic to determine if remote wiping is applicable.
  • Revoke the device from the organization's domain and approved lists, and add it to the appropriate block lists.
  • In its final steps, the playbook guides the analyst to retrieve more information from the owner, open a ticket for a new device, and issue a report to be shared with the CISO.

For more information, visit our Cortex XSOAR Developer Docs

lost_stolen_device

For more information, visit our Cortex XSIAM Developer Docs


PUBLISHER

Cortex

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Certification: Read more
Supported By: Cortex
Created: November 9, 2020
Last Release: May 2, 2023
Compliance

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.