topic playbook user investigation - generic in Cortex XSOAR Discussions https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-user-investigation-generic/m-p/580271#M3145 <P><SPAN class="jCAhz ChMk0b"><SPAN class="ryNqvb">hello everyone,</SPAN></SPAN></P> <P><SPAN class="jCAhz ChMk0b"><SPAN class="ryNqvb">I was reviewing the user investigation - generic playbook for a bit, I would like to have your support by explaining to me what types of uses this playbook could be applied to and if anyone of you already has it implemented.</SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN class="jCAhz ChMk0b"><SPAN class="ryNqvb">Thank you all</SPAN></SPAN></P> Wed, 13 Mar 2024 19:42:14 GMT gerardo.rodriguez 2024-03-13T19:42:14Z playbook user investigation - generic https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-user-investigation-generic/m-p/580271#M3145 <P><SPAN class="jCAhz ChMk0b"><SPAN class="ryNqvb">hello everyone,</SPAN></SPAN></P> <P><SPAN class="jCAhz ChMk0b"><SPAN class="ryNqvb">I was reviewing the user investigation - generic playbook for a bit, I would like to have your support by explaining to me what types of uses this playbook could be applied to and if anyone of you already has it implemented.</SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN class="jCAhz ChMk0b"><SPAN class="ryNqvb">Thank you all</SPAN></SPAN></P> Wed, 13 Mar 2024 19:42:14 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-user-investigation-generic/m-p/580271#M3145 gerardo.rodriguez 2024-03-13T19:42:14Z Re: playbook user investigation - generic https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-user-investigation-generic/m-p/580751#M3152 <P>Hi&nbsp;<A href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/812718387" target="_blank">@SOAR-ADMIN</A>&nbsp;,</P> <P>&nbsp;</P> <P>you can find the details about the playbook on the below page.<BR /><BR /><A href="https://xsoar.pan.dev/docs/reference/playbooks/user-investigation---generic" target="_blank" rel="nofollow noopener noreferrer">https://xsoar.pan.dev/docs/reference/playbooks/user-investigation---generic</A><BR /><BR />If you want to check which playbooks use it as a sub-playbook, there are some examples below:<BR /><BR />Cortex XDR - Large Upload<BR />Possible External RDP Brute-Force<BR />Cortex XDR - Port Scan<BR />Cortex XDR - First SSO Access<BR />Cortex XDR - Possible External RDP Brute-Force<BR />DLP Incident Feedback Loop</P> <P>&nbsp;</P> Mon, 18 Mar 2024 08:52:40 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-user-investigation-generic/m-p/580751#M3152 gyldz 2024-03-18T08:52:40Z