Calculate Severity - Critical Assets v2

Determines whether a critical asset is associated with the investigation. The playbook returns a severity level of "Critical" if at least one critical asset is associated with the investigation.

Critical assets refer to: users, user groups, endpoints and endpoint groups.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

This playbook does not use any integrations.

Scripts

  • PopulateCriticalAssets
  • Set

Commands

This playbook does not use any commands.

Playbook Inputs

| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| CriticalUsers | The CSV of critical users. | admin,administrator | - | Optional |
| CriticalEndpoints | The CSV of critical endpoints. | AdminPC | - | Optional |
| CriticalGroups | The CSV of DN names of critical AD groups. | Administrators, Domain Admins, Enterprise Admins, Schema Admins | - | Optional |
| Account | The user accounts to check against the critical lists. | None | Account | Optional |
| Endpoint | The endpoints to check against the CriticalEndpoints list. | None | Endpoint | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| Severities.CriticalAssetsSeverity | The score returned by the Calculate Severity - Critical Assets v2 playbook. | number |
| CriticalAssets | All critical assets involved in the incident. | unknown |
| CriticalAssets.CriticalEndpoints | The critical endpoints involved in the incident. | unknown |
| CriticalAssets.CriticalEndpointGroups | The critical endpoint-groups involved in the incident. | unknown |
| CriticalAssets.CriticalUsers | The critical users involved in the incident. | unknown |
| CriticalAssets.CriticalUserGroups | The critical user-groups involved in the incident. | unknown |
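The matching the inputs and outputs above describe, written out as an added Python example (not the playbook's own PopulateCriticalAssets script): CSV inputs are trimmed and compared case-insensitively against the Account and Endpoint context, and a score is set only when something matches. The context field names (Username and Groups on Account, Hostname and Groups on Endpoint) and the numeric value 4 for "Critical" are assumptions.

```python
# Added example, not the playbook's PopulateCriticalAssets script; field names are assumptions.
CRITICAL_SEVERITY = 4  # assumption: XSOAR's numeric scale, where 4 == "Critical"


def parse_csv(value):
    """Split a CSV playbook input into a set of lowercased, trimmed names.
    Trimming matters: the default 'Administrators, Domain Admins, ...' has spaces."""
    return {item.strip().lower() for item in (value or "").split(",") if item.strip()}


def find_critical_assets(critical_users, critical_endpoints, critical_groups,
                         accounts, endpoints):
    """Return (CriticalAssets structure, severity score or None).
    accounts/endpoints are lists of dicts shaped like XSOAR context objects
    (assumed fields: Username, Groups on Account; Hostname, Groups on Endpoint)."""
    users = parse_csv(critical_users)
    hosts = parse_csv(critical_endpoints)
    groups = parse_csv(critical_groups)
    result = {"CriticalUsers": [], "CriticalUserGroups": [],
              "CriticalEndpoints": [], "CriticalEndpointGroups": []}
    for acc in accounts or []:
        name = (acc.get("Username") or "").strip()
        if name.lower() in users:
            result["CriticalUsers"].append(name)
        for g in acc.get("Groups") or []:
            if g.strip().lower() in groups:
                result["CriticalUserGroups"].append(g.strip())
    for ep in endpoints or []:
        host = (ep.get("Hostname") or "").strip()
        if host.lower() in hosts:
            result["CriticalEndpoints"].append(host)
        for g in ep.get("Groups") or []:
            if g.strip().lower() in groups:
                result["CriticalEndpointGroups"].append(g.strip())
    # Only set a score when at least one critical asset is involved; otherwise
    # the playbook leaves Severities.CriticalAssetsSeverity unset (None here).
    severity = CRITICAL_SEVERITY if any(result.values()) else None
    return result, severity


# Constructed sample context resembling an enriched incident.
SAMPLE_ACCOUNTS = [{"Username": "jdoe", "Groups": ["Users"]},
                   {"Username": "Administrator", "Groups": ["Domain Admins"]}]
SAMPLE_ENDPOINTS = [{"Hostname": "ws-0042", "Groups": []}]

if __name__ == "__main__":
    print(find_critical_assets("admin,administrator", "AdminPC",
                               "Administrators, Domain Admins", SAMPLE_ACCOUNTS, SAMPLE_ENDPOINTS))
```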

Playbook Image


Calculate_Severity_Critical_Assets_v2