Calculate Severity - GreyNoise

Calculate and assign the incident severity based on the highest returned severity level from the following calculations:

  • DBotScores of indicators
  • Current incident severity

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Calculate Severity Highest DBotScore For Ingress Network Traffic - GreyNoise
  • Calculate Severity Highest DBotScore For Egress Network Traffic - GreyNoise

Integrations

This playbook does not use any integrations.

Scripts

  • Set

Commands

  • setIncident

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| DBotScore | Array of all indicators associated with the incident. | DBotScore.None | Optional |
| NetworkTrafficDirection | The direction of the network traffic event associated with the incident (Egress/Ingress). If not supplied, Ingress is considered. | Egress | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| CriticalAssets | All critical assets involved in the incident. | unknown |
| CriticalAssets.CriticalEndpoints | Critical endpoints involved in the incident. | unknown |
| CriticalAssets.CriticalEndpointGroups | Critical endpoint-groups involved in the incident. | unknown |
| CriticalAssets.CriticalUsers | Critical users involved in the incident. | unknown |
| CriticalAssets.CriticalUserGroups | Critical user-groups involved in the incident. | unknown |
