Compromised Credentials Match - Flashpoint

The Compromised Credentials Match playbook uses the details of the compromised credentials ingested from Flashpoint Ignite and authenticates using the Active Directory integration by providing the compromised credentials of the user. It then expires the credentials if it matches, and sends an email alert about the breach. Supported integrations: - Flashpoint - OpenLDAP - Active Directory Query v2

Flashpoint · 11 tasks · 3 inputs · 0 outputs

Inputs

  • username — The username of the compromised credentials account.
  • password — The password of the compromised credentials account.
  • sendEmailAsWarning — Boolean input whether to send email or not.

Commands used

ad-authenticate ad-expire-password send-mail

Flowchart

yes Yes yes yes yes yes Start Start Authenticate user - ad-authenticate Authenticate user ad-authenticate Expire current password - ad-expire-password Expire current password ad-expire-password Send password reset mail - send-mail Send password reset mail send-mail Done Done Is OpenLDAP integration enabled? Is OpenLDAP integration e... Is send email as warning enabled? Is send email as warning ... Is Active Directory Query V2 integration enabled? Is Active Directory Query... Is IncidentType Flashpoint Compromised Credentials? Is IncidentType Flashpoin... Is authentication successful? Is authentication success... Is Flashpoint Ignite integration enabled? Is Flashpoint Ignite inte...