Access Investigation - QRadar
Investigates an Access incident by gathering user and IP address information. The playbook then interacts with the user that triggered the incident to confirm whether or not they initiated the access action.
Dependencies
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks
- Access Investigation - Generic
- QRadar - Get offense correlations v2
Integrations
- Builtin
Scripts
This playbook does not use any scripts.
Commands
- setIncident
Playbook Inputs
There are no inputs for this playbook.
Playbook Outputs
There are no outputs for this playbook.