Access Investigation - QRadar

Investigates an Access incident by gathering user and IP address information. The playbook then interacts with the user that triggered the incident to confirm whether or not they initiated the access action.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

Access Investigation - Generic
QRadar - Get offense correlations v2

Integrations

Builtin

Scripts

This playbook does not use any scripts.

Commands

setIncident

Playbook Inputs

There are no inputs for this playbook.

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

Access_Investigation_QRadar

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

Access Investigation - QRadar

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

Dependencies#

Sub-playbooks#

Integrations#

Scripts#

Commands#

Playbook Inputs#

Playbook Outputs#

Playbook Image#

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image