Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This playbook uses the RiskIQ PassiveTotal connector to automatically enrich incidents generated by Microsoft Sentinel. Indicators from an incident will be evaluated with RiskIQ reputation data. If any indicators are labeled as 'suspicious', the incident will be tagged as such and its severity will be marked as 'medium'. If any indicators are labeled as 'malicious', the incident will be tagged as such and its severity will be marked as 'high'. Regardless of the reputation state, comments will be
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | RiskIQ |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊