Automated Incident Response
Article Type: Topic
- Deleting web shells automaticallyHow to use Splunk software to create an automated way to remove any web shells created during exploitation so that you don't forget about them.
- Disabling inactive user accounts in AWSYou would like to create a semi-automated process that is repeatable and extensible for deleting inactive users in AWS.
- Enriching suspicious email domainsExamine domain names, add the risk score, risk status, and domain category to the event in Splunk SOAR.
- Identifying inactive user accounts in AWSHow to use Splunk to create a semi-automated process that is repeatable and extensible for identifying inactive AWS users.
- Terminating W3WP spawned processesHow to use Splunk software to create an automated way to terminate W3WP spawned processes.