File Private Scanning - Google Threat Intelligence

This playbook submits a file for private scanning, retrieves and evaluates the analysis verdict, and automatically creates a ServiceNow ticket using the "ServiceNow v2" integration when the file is determined to be malicious.

GoogleThreatIntelligence · 11 tasks · 1 input · 0 outputs

Inputs

  • file_id — Fetch the Entry ID of the last submitted file from the incident.

Commands used

gti-private-file-scan-and-analysis-get servicenow-update-ticket

Flowchart

yes yes yes yes Start Start Is Google Threat Intelligence integration enabled? Is Google Threat Intellig... Clear Previous input - DeleteContext Clear Previous input DeleteContext Check whether EntryID available in playbook input Check whether EntryID ava... Private file scan and analysis using GTI - gti-private-file-scan-and-analysis-get Private file scan and ana... gti-private-file-scan-and-ana... Check Private file Analysis data meet high risk criteria? Check Private file Analys... Is ServiceNow v2 integration enabled? Is ServiceNow v2 integrat... Create ServiceNow Ticket - Create ServiceNow Ticket Create ServiceNow Ticket Create ServiceNow Ticket Update description of ServiceNow ticket - servicenow-update-ticket Update description of Ser... servicenow-update-ticket Done Done War room entry for Created Ticket - Print War room entry for Create... Print