Code42 Exfiltration Playbook

The Code42 Exfiltration playbook acts on Code42 Security Alerts, retrieves file event data, and allows security teams to remediate file exfiltration events by revoking access rights to cloud files or containing endpoints.


This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Active Directory - Get User Manager Details

Integrations

  • jira-v2
  • CrowdstrikeFalcon

Scripts

This playbook does not use any scripts.

Commands

  • send-mail
  • closeInvestigation
  • jira-create-issue
  • cs-falcon-search-device
  • code42-alert-resolve
  • cs-falcon-contain-host

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| JiraProject | Jira Project for created incident ticket | Security | Optional |
| JiraType | Type of Jira ticket to create | Investigation | Optional |
| JiraSummary | Summary to use with Jira ticket creation | Code42 Security Alert for Demisto Incident ${} | Optional |
| ContainHostsMax | Maximum number of network hosts to contain. | 2 | Optional |
| DemistoInstanceURL | URL of Demisto instance for emails. | | |

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

[Image: Code42 Exfiltration Playbook]