Automated Incident Response

Deleting web shells automaticallyHow to use Splunk software to create an automated way to remove any web shells created during exploitation so that you don't forget about them.
Disabling inactive user accounts in AWSYou would like to create a semi-automated process that is repeatable and extensible for deleting inactive users in AWS.
Enriching suspicious email domainsExamine domain names, add the risk score, risk status, and domain category to the event in Splunk SOAR.
Identifying inactive user accounts in AWSHow to use Splunk to create a semi-automated process that is repeatable and extensible for identifying inactive AWS users.
Terminating W3WP spawned processesHow to use Splunk software to create an automated way to terminate W3WP spawned processes.