I'm trying to enhance the Create Communication playbook to CC the
assigned to of an alert. The assignedTo field displays the First and
Last name of the SOC user using a lookup to the People module. I would
like to get the Email address to the assigne<!-- -->...
There appears to be two ways to send notification emails to users. Using
the Communication module or using the email templates module. While I
can find examples of using the communication module such as "Investigate
Suspicious Email" playbook in the ...
I reviewed the IR functionality, and it does include a module called
"Users". This doesn't appear to be a list of "Threat Actors" as is
described in the IR addon documentation: Vulnerability Management: The
Vulnerability Management section is a colle...
Thanks Amit.It would appear that using the MS AD Connector to sync users
to this module would give us targets.What does "on notice" mean? Not
familiar with this term.-=Dan=-Dan SmartInfo Security ManagerVulcan
Materials Company-----------------------...
Correction to the second question. What is the purpose of the Employee
Watchlist module? I see now this is for employees. Is this for managing
threat targets or for high risk users and privileged account
monitoring?-=Dan=-Dan SmartInfo Security Manag...
Thanks for the reply.Can you also expand on the use of the Sensitive
Files module? How should this be used?Can you expand on the use of the
Users module? Is this for storing "threat actors" or "target
users"?TIA-=Dan=---------------------------------...
Thanks for the suggestion. Using the API was our first thought as well.
Can you describe the workflow that was intended for using the Emails
module? Why should we use this instead of just using the Alerts module
directly? We use case does this
solve?...
