# Mission Control Remediation
After you add the playbooks to Splunk SOAR and update the Response Template, the embedded playbook executes automatically during the "Render Verdict" phase to contain assets. Saying "no" to one of the actions still allows you to follow up with an "ad-hoc" action to contain an artifact.
# How do I use these playbooks?
- Add this repo as a Git source to Splunk SOAR.
- Set the playbook to Active in Splunk SOAR.
- Add "Protect Users and Assets" to the Encoded PowerShell Detection Response plan.
# How will it work?
The playbook will automatically execute for the encoded PowerShell incident. You will have to manually click the "bell" icon in the upper right of the screen to reveal the notifications. You can then select the prompt.