Calculate Severity - Critical Assets v2
Determines if a critical assest is associated with the invesigation. The playbook returns a severity level of "Critical" if at least one critical asset is associated with the investigation. Critical assets refer to: users, user groups, endpoints and endpoint groups.
Common Playbooks · 32 tasks · 5 inputs · 6 outputs
Inputs
CriticalUsers— CSV of critical users.CriticalEndpoints— CSV of critical endpoints.CriticalGroups— CSV of DN names of critical AD groups.Account— User accounts to check against the critical lists.Endpoint— Endpoints to check against the CriticalEndpoints list.
Outputs
Severities.CriticalAssetsSeverity— The score returned by the Calculate Severity - Critical Assets v2 playbook.CriticalAssets— All critical assets involved in the incident.CriticalAssets.CriticalEndpoints— Critical endpoints involved in the incident.CriticalAssets.CriticalEndpointGroups— Critical endpoint-groups involved in the incident.CriticalAssets.CriticalUsers— Critical users involved in the incident.CriticalAssets.CriticalUserGroups— Critical user-groups involved in the incident.