Access Investigation - QRadar

Investigates an Access incident by gathering user and IP address information. The playbook then interacts with the user that triggered the incident to confirm whether or not they initiated the access action.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Access Investigation - Generic
  • QRadar - Get offense correlations v2

Integrations

  • Builtin

Scripts

This playbook does not use any scripts.

Commands

  • setIncident

Playbook Inputs


There are no inputs for this playbook.

Playbook Outputs


There are no outputs for this playbook.

Playbook Image


[Image: Access_Investigation_QRadar]