Automated Incident Response
Incidents with established SOPs have incorporated automation for searches and actions.
Article Type: Topic
- Creating an Incident Response Plan (IRP): Addressing cybersecurity incidents on the fly without a plan causes difficulty and stress. Incident preparedness and having a plan can reduce unprepared panic.
- Deleting web shells automatically: How to use Splunk software to create an automated way to remove any web shells created during exploitation so that you don't forget about them.
- Disabling inactive user accounts in AWS: You would like to create a semi-automated process that is repeatable and extensible for deleting inactive users in AWS.
- Enriching suspicious email domains: Examine domain names, add the risk score, risk status, and domain category to the event in Splunk SOAR.
- Identifying inactive user accounts in AWS: How to use Splunk to create a semi-automated process that is repeatable and extensible for identifying inactive AWS users.
- Terminating W3WP spawned processes: How to use Splunk software to create an automated way to terminate W3WP spawned processes.