Automated Incident Response

Article Type: Topic

• Creating an Incident Response Plan (IRP)Addressing cybersecurity incidents on the fly without a plan causes difficulty and stress. Incident preparedness and having a plan can reduce unprepared panic.
• Deleting web shells automaticallyHow to use Splunk software to create an automated way to remove any web shells created during exploitation so that you don't forget about them.
• Disabling inactive user accounts in AWSYou would like to create a semi-automated process that is repeatable and extensible for deleting inactive users in AWS.
• Enriching suspicious email domainsExamine domain names, add the risk score, risk status, and domain category to the event in Splunk SOAR.
• Identifying inactive user accounts in AWSHow to use Splunk to create a semi-automated process that is repeatable and extensible for identifying inactive AWS users.
• Terminating W3WP spawned processesHow to use Splunk software to create an automated way to terminate W3WP spawned processes.