Skip to main content
 
Splunk Lantern

Creating and using playbooks in SOAR

 

Splunk SOAR playbooks automate security actions at machine speed. You can access your playbooks in the top-left corner of the main dashboard. 

Splunk SOAR comes with 100 pre-made playbooks right out of the box so you can start automating your security tasks right away.

The 5 most-used playbooks

Here are the five most-used playbooks that you might be interested to use:

  • Recorded Future Indicator Enrichment Playbook: This playbook enriches ingested events that contain file hashes, IP addresses, domain names, or URLs. Contextualizing these details around relevant threat intelligence and IOC helps accelerate the investigation.
  • Phishing Investigate and Respond Playbook: This playbook helps investigate incoming phishing emails and contains them automatically. With this playbook, investigation time shortens from 90 minutes on average on a single alert to 60 seconds.
  • Crowdstrike Malware Triage Playbook: This playbook enriches the alert that’s detected by Crowdstrike, and provides additional context for determining the severity. 
  • C2 Investigate and Contain Playbook: This playbook is designed to perform the investigative and potential containment steps required to properly handle a command-and-control attack scenario.
  • Recorded Future Correlation Response Playbook: This playbook is used to gather more context about the relevant network indicators as a response to a Splunk correlation search. The playbook gathers context and prompts the analyst. If an analyst approves a block, the playbook will automatically reach out to enforcement technologies and make the requested changes.

Check out the beginner’s Guide to SOAR - How to Automate 5 Security Processes in Under 30 Minutes or click here to learn more about the suggested playbooks and the benefits. 

The visual playbook editor in Splunk SOAR allows you to build and edit your own playbooks, without needing to jump to other tools. Watch the following video to learn more about visual playbook editor.