Code42 Exfiltration Playbook

The Code42 Exfiltration playbook acts on Code42 Security Alerts, retrieves file event data, and allows security teams to remediate file exfiltration events by revoking access rights to cloud files or containing endpoints.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Active Directory - Get User Manager Details

Integrations

  • jira-v2
  • CrowdstrikeFalcon

Scripts

This playbook does not use any scripts.

Commands

  • send-mail
  • closeInvestigation
  • jira-create-issue
  • cs-falcon-search-device
  • code42-alert-resolve
  • cs-falcon-contain-host

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| JiraProject | Jira Project for created incident ticket | Security | Optional |
| JiraType | Type of Jira ticket to create | Investigation | Optional |
| JiraSummary | Summary to use with Jira ticket creation | Code42 Security Alert for Demisto Incident ${incident.id} | Optional |
| ContainHostsMax | Maximum number of network hosts to contain. | 2 | Optional |
| DemistoInstanceURL | URL of Demisto instance for emails. | https://example.com/ | Optional |

Playbook Outputs


There are no outputs for this playbook.
