Cloud user investigation #28843
Conversation
This PR was automatically updated by a GitHub Action
To stop automatic version bumps, add the
Review threads on:
Packs/AWS-Enrichment-Remediation/Playbooks/playbook-AWS_-_User_Investigation.yml
Packs/CommonPlaybooks/Playbooks/playbook-Cloud_User_Investigation_-_Generic.yml
Packs/GCP-Enrichment-Remediation/Playbooks/playbook-GCP_-_User_Investigation_README.md
Packs/CommonPlaybooks/Playbooks/playbook-Cloud_User_Investigation_-_Generic_README.md
Packs/GCP-Enrichment-Remediation/Playbooks/playbook-GCP_-_User_Investigation.yml
@melamedbn Doc review completed.
…nvestigation

Conflicts:
  Packs/CommonPlaybooks/ReleaseNotes/2_3_88.md
  Packs/GCP-Enrichment-Remediation/ReleaseNotes/1_1_5.md
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
… into Cloud_User_Investigation
Review thread on:
Packs/AWS-Enrichment-Remediation/Playbooks/playbook-AWS_-_User_Investigation.yml
For all of the AWS filters (API Access, Failed Login, etc.) I think we should elaborate in the task details what's our goal and what are we searching for.
Review threads on:
Packs/Azure-Enrichment-Remediation/Playbooks/playbook-Azure_-_User_Investigation.yml
Azure -
Review thread on:
Packs/Azure-Enrichment-Remediation/Playbooks/playbook-Azure_-_User_Investigation.yml
Azure, AWS and GCP - all of the playbook descriptions should be formatted and more informative.
Review threads on:
Packs/AWS-Enrichment-Remediation/Playbooks/playbook-AWS_-_User_Investigation.yml
Packs/Azure-Enrichment-Remediation/Playbooks/playbook-Azure_-_User_Investigation.yml
Packs/Azure-Enrichment-Remediation/Playbooks/playbook-Azure_-_User_Investigation_README.md
Packs/GCP-Enrichment-Remediation/Playbooks/playbook-GCP_-_User_Investigation.yml
@melamedbn Doc review completed.
…_Investigation.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* PB + RM cloud user investigation
* RN for the Playbooks cloud user investigation
* update skipifunavailable
* Bump pack from version CommonPlaybooks to 2.3.88.
* Bump pack from version CommonPlaybooks to 2.3.89.
* Bump pack from version GCP-Enrichment-Remediation to 1.1.6.
* Apply suggestions from code review
  Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* Apply suggestions from code review
  Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* fix after doc review
* Apply suggestions from code review
  Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* Apply suggestions from code review
  Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* Apply suggestions from code review
  Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* fix after review
* fix after review
* fix after review
* Bump pack from version CommonPlaybooks to 2.3.90.
* Apply suggestions from code review
  Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* Update Packs/GCP-Enrichment-Remediation/Playbooks/playbook-GCP_-_User_Investigation.yml
  Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* Update playbook-AWS_-_User_Investigation.yml

--------

Co-authored-by: Content Bot <bot@demisto.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Description
These playbooks perform an investigation on a specific user in cloud environments, using queries and logs from Azure Log Analytics, AWS CloudTrail, G Suite Auditor, and GCP Logging.
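The description above, and the reviewer's request to spell out what the AWS "API Access" and "Failed Login" filters are searching for, leave the actual filter logic implicit. The block below is an added illustration, not code from the content repository or from these playbooks: it runs the two CloudTrail checks over a handful of constructed CloudTrail-shaped records (the record layout follows CloudTrail's real `userIdentity.userName`, `eventSource`, `eventName`, `sourceIPAddress` and `responseElements.ConsoleLogin` fields; the sample values, user names and addresses are made up). It also shows one refinement a playbook task description could state explicitly: a successful console login that follows a burst of failures from the same source address is worth flagging separately from the raw failure count.

```python
"""Filter constructed AWS CloudTrail records for one user's failed console
logins and API activity. Added illustration; not the playbooks' own code."""
from collections import Counter
from datetime import datetime, timedelta

SIGNIN = "signin.amazonaws.com"  # eventSource CloudTrail uses for console sign-in


def _record(time, source, name, user, ip, response=None, error=None):
    """Build a minimal CloudTrail-shaped record for the constructed sample set."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "sourceIPAddress": ip,
           "userIdentity": {"type": "IAMUser", "userName": user},
           "responseElements": response}
    if error:
        rec["errorMessage"] = error
    return rec


# Constructed sample data (not real events): two failures then a success from
# one address, some API calls, and a lone failure from a second address.
SAMPLE_EVENTS = [
    _record("2023-08-01T09:00:00Z", SIGNIN, "ConsoleLogin", "alice", "203.0.113.5",
            {"ConsoleLogin": "Failure"}, "Failed authentication"),
    _record("2023-08-01T09:00:20Z", SIGNIN, "ConsoleLogin", "alice", "203.0.113.5",
            {"ConsoleLogin": "Failure"}, "Failed authentication"),
    _record("2023-08-01T09:01:00Z", SIGNIN, "ConsoleLogin", "alice", "203.0.113.5",
            {"ConsoleLogin": "Success"}),
    _record("2023-08-01T09:05:00Z", "iam.amazonaws.com", "CreateAccessKey",
            "alice", "203.0.113.5"),
    _record("2023-08-01T09:06:00Z", "s3.amazonaws.com", "ListBuckets",
            "bob", "192.0.2.9"),
    _record("2023-08-01T12:00:00Z", "sts.amazonaws.com", "GetCallerIdentity",
            "alice", "198.51.100.7"),
    _record("2023-08-01T13:00:00Z", SIGNIN, "ConsoleLogin", "alice", "198.51.100.7",
            {"ConsoleLogin": "Failure"}, "Failed authentication"),
]


def _user_of(event):
    return (event.get("userIdentity") or {}).get("userName")


def _when(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def console_logins(events, username, outcome):
    """ConsoleLogin records for `username` whose result is `outcome`
    ("Success" or "Failure"), oldest first. This is the "Failed Login" filter
    when called with outcome="Failure"."""
    hits = [e for e in events
            if _user_of(e) == username
            and e.get("eventSource") == SIGNIN
            and e.get("eventName") == "ConsoleLogin"
            and (e.get("responseElements") or {}).get("ConsoleLogin") == outcome]
    return sorted(hits, key=_when)


def api_access(events, username):
    """The "API Access" filter: non-sign-in API calls made by `username`,
    counted by (service, action) so the investigator sees what was touched."""
    return Counter((e["eventSource"], e["eventName"]) for e in events
                   if _user_of(e) == username and e.get("eventSource") != SIGNIN)


def source_ips(events, username):
    """Distinct source addresses seen for `username`, for geolocation/enrichment."""
    return sorted({e["sourceIPAddress"] for e in events if _user_of(e) == username})


def failures_before_success(events, username, window=timedelta(minutes=5)):
    """For each successful console login, count failed logins from the same
    source address within the preceding `window`. Returns a list of
    (failure_count, success_event) for successes preceded by at least one
    failure, the pattern a playbook should surface as a possible guessed password."""
    failures = console_logins(events, username, "Failure")
    flagged = []
    for ok in console_logins(events, username, "Success"):
        t = _when(ok)
        n = sum(1 for f in failures
                if f["sourceIPAddress"] == ok["sourceIPAddress"]
                and t - window <= _when(f) < t)
        if n:
            flagged.append((n, ok))
    return flagged


if __name__ == "__main__":
    user = "alice"
    print("failed logins:", len(console_logins(SAMPLE_EVENTS, user, "Failure")))
    print("api access:", dict(api_access(SAMPLE_EVENTS, user)))
    print("source ips:", source_ips(SAMPLE_EVENTS, user))
    for n, ok in failures_before_success(SAMPLE_EVENTS, user):
        print(f"{n} failures then success at {ok['eventTime']} from {ok['sourceIPAddress']}")
```

The success-after-failures check deliberately keys on the source address rather than the user alone: a user's own typo followed by a correct login looks the same as a guessed password from a new address until the address is taken into account, which is the kind of reasoning the reviewer asked to have written into the task details.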