Splunk Lantern

Using playbooks in Splunk SOAR

Use the following links to access and work with playbooks:

The following are two high-value playbooks to get you started.

AWS IAM find and disable inactive users

This playbook finds AWS user accounts whose password was last used more than 90 days ago. A second playbook then disables the users identified by the first playbook.

Splunk Lantern also features a use case for this playbook that explains more about how to use it.
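
The selection step described above can be illustrated outside SOAR. The following is an added example, not the playbook's own code: it reads a CSV in the IAM credential report column layout (constructed sample data) and returns the users whose console password was last used more than 90 days ago. Treating a never-used password as inactive once the account itself is older than the threshold is an assumption of this example.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample using a subset of the IAM credential report columns.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-30T08:00:00+00:00
alice,arn:aws:iam::111122223333:user/alice,2022-03-01T00:00:00+00:00,true,2024-05-20T09:15:00+00:00
bob,arn:aws:iam::111122223333:user/bob,2021-07-10T00:00:00+00:00,true,2023-11-02T17:40:00+00:00
carol,arn:aws:iam::111122223333:user/carol,2023-01-15T00:00:00+00:00,true,no_information
dave,arn:aws:iam::111122223333:user/dave,2024-05-25T00:00:00+00:00,true,no_information
svc-build,arn:aws:iam::111122223333:user/svc-build,2021-02-02T00:00:00+00:00,false,N/A
"""


def find_inactive_users(report_csv, now, max_age_days=90):
    """Return user names whose password login is older than max_age_days."""
    cutoff = now - timedelta(days=max_age_days)
    inactive = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        # The root account cannot be disabled like an IAM user, so skip it.
        if row["user"] == "<root_account>":
            continue
        # Users without a console password have nothing to age out here.
        if row["password_enabled"] != "true":
            continue
        last_used = row["password_last_used"]
        if last_used in ("no_information", "N/A"):
            # Assumption: a password that was never used counts from the
            # account creation time, so new accounts are not flagged.
            reference = row["user_creation_time"]
        else:
            reference = last_used
        # Strictly older than the cutoff; exactly 90 days is still active.
        if datetime.fromisoformat(reference) < cutoff:
            inactive.append(row["user"])
    return inactive


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    print(find_inactive_users(SAMPLE_REPORT, now))
```

Reviewing the returned list before any disable action mirrors the split between the first and second playbook.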

Malware triage using CrowdStrike Falcon endpoint security

The combination of CrowdStrike and Splunk SOAR allows for a smoother operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps. This out-of-the-box playbook triages malware detections from CrowdStrike and automates a variety of responses based on an informed decision by an analyst.

Splunk Lantern also features a use case for this playbook that explains more about how to use it.
