-
Notifications
You must be signed in to change notification settings - Fork 359
/
Azure_AD_Account_Locking.yml
29 lines (29 loc) · 865 Bytes
/
Azure_AD_Account_Locking.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
name: Azure AD Account Locking
id: c3c0157d-7da0-46cb-8b97-327ee92f591c
version: 1
date: '2023-05-08'
author: Teoderick Contreras, Splunk
type: Investigation
description: "Accepts user, to be disabled using Azure AD Graph connector. This playbook produces a normalized observables output for each user and device."
playbook: Azure_AD_Account_Locking
how_to_implement: This input playbook requires the Azure AD Graph connector to be configured.
It is designed to work in conjunction with the Dynamic Attribute Lookup playbook or other playbooks in the same style.
references: []
app_list:
- Azure AD Graph
tags:
platform_tags:
- user
- D3-AL
- azure_ad_graph
- disable_account
playbook_type: Input
vpe_type: Modern
playbook_fields: []
product:
- Splunk SOAR
use_cases:
- Phishing
- Endpoint
defend_technique_id:
- D3-AL