Documentation Turnkey Playbooks
Fully pre-configured turnkey playbooks are ready to run out of the box.
Turnkey playbooks are pre-configured playbooks that are ready for you to run, without having to purchase additional services to get the actions you need.
They are listed along other playbooks you created on the PLAYBOOKS page. Like a playbook you created yourself, you can run them manually or automatically with a playbook trigger.
These playbooks leverage an in-house service, Exabeam Actions, that is available out-of-the-box and free to use. The service supports basic actions, including:
To customize a turnkey playbook, you can also use it as a template.
Threat Intelligence Reputation Lookup Turnkey Playbook
Learn about the Threat Intelligence Reputation Lookup turnkey playbook and how it works.
The Threat Intelligence Reputation Lookup turnkey playbook helps you analyze and triage suspicious emails, like potential spam and phishing emails. It changes a Case Manager incident's priority based on the reputation of an email entity and its artifacts.
First, the playbook assesses the reputation of the incident's entities and artifacts, including:
Files attached to the email
IP addresses
Domains of any URLs in the email body
Domain of the sender's email address
If the playbook finds any IP addresses with a malicious reputation, it searches for other incidents that has the same IP address entity or artifact. View the output in the incident's workbench.
If any entity or artifact has a malicious reputation, the playbook escalates the incident's priority to critical. If none of the artifacts have a malicious reputation, the playbook de-escalates the incident's priority to low.