You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
author: Kelby Shelton, Patrick Bareiss, Teoderick Contreras, Lou Stella Splunk
type: Investigation
description: "Moves the event status to open and then launches the Dispatch playbooks for Reputation Analysis, Attribute Lookup, and Related Tickets."
playbook: Automated_Enrichment
how_to_implement: 1. Ensure you have a reputation analysis playbook (e.g. VirusTotal v3), an attribute lookup playbook (e.g. Azure AD), and a related ticket search playbook (e.g. ServiceNow).\n2. Download local versions of Identifier Reputation Analysis Dispatch, Attribute Lookup Dispatch, and Related Tickets Search Dispatch playbooks.