FortiSOAR Discussions
Anonymous

Comprehensive Lost/Stolen Device Response Solution Pack with FortiSOAR

The "Lost - Stolen Device Response Solution Pack" offers a collection of investigative procedures designed to address reports of lost or stolen devices that are submitted via email by end-users. These emails are typically generated by employees within the organization and sent to a shared Security Operations Center (SOC) email inbox.

This solution pack includes various playbooks and scenarios for responding to incidents involving lost or stolen devices. Here's a summary of the key components and actions described:

Features and Capabilities:

  • FortiSOAR can handle various scenarios and demonstrates features like the recommendation engine that lists alerts related to similar hosts, providing a complete incident picture.
  • You can initiate scenario simulations.

Playbooks:

  1. Reset Scenario:
    • Deletes created alerts and related records.
  2. Reset Scenario - Get Correlated Records:
    • Fetches all the correlated records created for the simulation.
  3. Run Scenario:
    • Executes a scenario and creates related records.
  4. Run Scenario - Create Alerts:
    • Creates records related to a scenario.
  5. Run Selected Scenario:
    • Executes a scenario and creates related records.

Reference: https://fortisoar.contenthub.fortinet.com//detail.html?entity=lost-StolenDeviceResponse&version=1.0....
