Investigates an Access incident by gathering user and IP address information. The playbook then interacts with the user that triggered the incident to confirm whether or not they initiated the access action.
This playbook uses the following sub-playbooks, integrations, and scripts.
- Access Investigation - Generic
- QRadar - Get offense correlations v2
This playbook does not use any scripts.
There are no inputs for this playbook.
There are no outputs for this playbook.