Investigate On Bad Domain Matches - Chronicle

Use this playbook to investigate and remediate Bad IOC domain matches with recent activity found in the enterprise, as well as notify the SOC lead and network team about the matches.

Supported Integrations:

  • Chronicle
  • Whois
  • Mail Sender (New)
  • Palo Alto Networks PAN-OS
  • Palo Alto Networks AutoFocus v2

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • Chronicle
  • Whois
  • Mail Sender (New)
  • Palo Alto Networks PAN-OS
  • Palo Alto Networks AutoFocus v2

Scripts

  • AssignAnalystToIncident
  • Print
  • GenerateInvestigationSummaryReport

Commands

  • domain
  • gcb-ioc-details
  • send-mail
  • whois
  • panorama-register-user-tag
  • gcb-assets

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| networkteam_email | Enter the email address of the network team that needs to be notified. | | Optional |
| stakeholder_email | Enter the email of the stakeholder to whom you want to send the investigation summary report. | | Optional |

Playbook Outputs


There are no outputs for this playbook.

Playbook Image


Investigate On Bad Domain Matches - Chronicle