Pre-built services are services that are already configured and enabled by default. They're listed along other services in Automation Management. There is one pre-built playbook, the threatcenter service.
The threatcenter service integrates Automation Management with Threat Center. It has eight actions:
No op – Logs the message No operation performed.
Update Alert – Updates the associated Exabeam use cases, tags, priority, and MITRE ATT&CK® tactics and techniques of an alert with a given alert ID.[2]
Update Case – Updates the associated Exabeam use cases, tags, priority, ATT&CK tactics and techniques, stage, closed reason if the stage is changed to Closed, queue, and assignee of a case with a given case ID.
Alert: Send Email – Sends information about an alert with a given alert ID to a list of email addresses.
Alert: Send Webhook – Sends information about an alert with a given alert ID to a list of webhook IDS.
Case: Send Email – Sends information about a case with a given case ID to a list of email addresses.
Case: Send Webhook – Sends information about a case with a given case ID to a list of webhook IDs.
Create Case – Manually creates a case given a case ID and associated Exabeam use cases, tags, priority, ATT&CK tactics and techniques, stage, closed reason if the stage is Closed, queue, and assignee.
If you don't want to use a pre-built service, create your own service.
[2] MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation ("MITRE"). Exabeam is not affiliated with or sponsored or endorsed by MITRE. Nothing herein is a representation of the views or opinions of MITRE or its personnel.