0 Started executions from 2024/01/29 09:45:45 UTC to 2024/02/28 09:45:45 UTC
4me ITSM Alert
Create a 4me Problem or Request based on a Taegis XDR Alert
4me ITSM Investigation
Create a 4me Problem or Request based on a Taegis XDR Investigation
4me ITSM Investigation Sync
Sync 4me Problem or Request with Security Response Investigations
Activities for Microsoft 365 Defender Alerts
AD Change Password At Log On
Change Password At Log On for an AD user using the LDAP(S) Protocol
1 enabled | 0 disabled
AD Deactivate Change Password At Log On
Deactivate Change Password At Log On for an AD user using the LDAP(S) Protocol
AD Disable User
Disable User account for an AD using the LDAP(S) Protocol
2 enabled | 0 disabled
AD Enable User
Enable User account for an AD using the LDAP(S) Protocol
AD/LDAP Change Password
Change Password for an AD/LDAP user using the LDAP(S) Protocol
0 enabled | 1 disabled
AD/LDAP Look Up User
Look up an AD/LDAP user using the LDAP(S) Protocol
Alert Email Notification
Send email notifications for alerts
Alert Email Notification with Google Gmail
Send email notifications for alerts with Google Gmail API
Alert ITSM Sync
ServiceNow Alert to ITSM Incident Sync
Alert SIR Sync
ServiceNow Alert to Security Incident Sync
Amazon Web Services Disable User Access Keys
Amazon Web Services Disable User Login
Disable AWS Console login for a specific user
Amazon Web Services Disable User MFA Devices
Remove MFA Device for a specific AWS user
Amazon Web Services Enable User Access Keys
Amazon Web Services Enable User Login
AWS Console create a new login profile with a predefined password for a specific user
Amazon Web Services Look Up User
Look up an Amazon Web Services User
Amazon Web Services Update IP Set
Block/unblock an IP address in AWS WAF
3 enabled | 0 disabled
Automated Action AD Change Password At Log On
Automatically change password at log on for all users in an alert using the LDAP(S) Protocol
Automated Action AD Disable User
Automatically disable all users in an alert using the LDAP(S) Protocol
Automated Action Azure AD Disable User
Automatically disable all users in an alert using the Microsoft Graph API
Automated Action Azure AD Force Password Reset
Automatically force a password reset on all users in an alert using the Microsoft Graph API
Automated Action Isolate Host Red Cloak
Automated Action Isolate Host Taegis Agent
Azure AD Disable User
Disable Azure AD user account using the Microsoft Graph API
1 enabled | 1 disabled
Azure AD Enable User
Enable Azure AD user account using the Microsoft Graph API
Azure AD Force Password Reset
Force a password reset on an Azure AD user account using the Microsoft Graph API
Azure AD Look Up User
Look up an Azure AD user using the Microsoft Graph API
Azure OpenAI Enrich Investigation
Enrich the key findings of an investigation via Azure OpenAI
Carbon Black EDR - Block Filehash
Carbon Black EDR (Endpoint Detection and Response) Block Filehash
Carbon Black EDR - Unblock Filehash
Carbon Black EDR (Endpoint Detection and Response) Unblock Filehash
CB Cloud - Isolate
VMware Carbon Black Cloud Isolate
CB Cloud - Undo Isolate Host
VMware Carbon Black Cloud Undo Isolate Host
Change Password At Next Login Google Workspace Admin SDK API
Enable Change Password At Next Login for a user using Google Workspace Admin SDK API
Change Password Google Workspace Admin SDK API
Change Password of a user using Google Workspace Admin SDK API
Cisco Meraki Activities
Block and unblock resources in Cisco Meraki
Comments To Email Notification
Send Taegis Investigation Comments via an Email
Comments To Mattermost Notification
Send Taegis Investigation Comments To Mattermost
Comments To Microsoft Teams Notification
Send Taegis Investigation Comments To Microsoft Teams
Comments To Salesforce Slack Notification
Send Taegis Investigation Comments To Salesforce Slack
Comments To ServiceNow WorkNote
Send Taegis Investigation Comments To ServiceNow WorkNote
Cortex XSOAR Alert Incident
Create a Cortex XSOAR Incident based on a Taegis XDR Alert
Cortex XSOAR Investigation Sync
Sync XDR investigations to Cortex XSOAR incidents
Create Investigations from Alerts
Create XDR Investigations from Alerts
2 enabled | 1 disabled
Create ServiceNow User
CrowdStrike Falcon Endpoint - Isolate
CrowdStrike Falcon Endpoint Protection Isolate
CrowdStrike Falcon Endpoint - Undo Isolate
CrowdStrike Falcon Endpoint Protection Undo Isolate Host
Deactivate Change Password At Next Login Google Workspace Admin SDK API
Deactivate Change Password At Next Login for a user using Google Workspace Admin SDK API
Deactivate ServiceNow User
DEV - Automated Action Azure AD Force Password Reset
DEV - Automated Action Azure AD Revoke User Sessions
Automatically force session revocation on all users in an alert using the Microsoft Graph API
Dev Automated Action Evaluate SignIns and Respond
Automated response
Dev Azure AD Evaluate MFA SignIns
Dev Azure AD Look Up User
For development of AO custom playbook. Do not use.
Dev Investigation Asset Identification
Identify endpoints/networks associated with an investigation
Endpoint Tagging
This playbook can be used to add/remove tags to any number of endpoints.
Endpoint Tagging - Multi
Allow running Endpoint Tagging playbooks multiple times for different criteria
Entity Response Block Domain
Enables the Block Domain response action
Entity Response Block File Hash
Enables the Block File Hash response action on file hashes
Entity Response Block IP
Enables the Block IP response action on IP addresses
Entity Response Confirm User As Compromised
Confirm User As Compromised
Entity Response Dismiss User As Compromised
Dismiss User As Compromised
Entity Response Initiate Antivirus Scan on Asset
Initiate Antivirus Scan on Asset
Entity Response Isolate Host
Enables the Isolate Host response action on hosts
Entity Response UnBlock Domain
Enables the UnBlock Domain response action
Entity Response UnBlock File Hash
Enables the UnBlock File Hash response action on file hashes
Entity Response UnBlock IP
Enables the UnBlock IP response action on IP addresses
Entity Response UnIsolate Host
Enables the UnIsolate Host response action on hosts
EverBridge Alert Incident
Create an EverBridge Incident based on a Taegis XDR Alert
EverBridge Investigation Incident
Create an EverBridge Incident based on a Taegis XDR Investigation
Freshdesk Investigation Sync
Sync Taegis investigations with Freshdesk incidents
Freshservice Alert Ticket
Create a Freshservice Ticket based on a Taegis Alert
Freshservice Investigation Sync
Sync Taegis investigations with Freshservice tickets
Freshservice Investigation Ticket
Create a Freshservice Ticket based on a Taegis Investigation
Generic Webhook
Post all inputs to a webhook URL
Halo ITSM Investigation Synch
Synch XDR Investigations with Halo ITSM incidents
Health Event Investigation
Create Taegis Investigations from Health Events
Investigation CrowdStrikeFalcon Incident Sync
Sync Investigations to CrowdStrikeFalcon Incidents
Investigation Email Notification
Send email notifications for investigations
Investigation Email Notification with Google Gmail
Send email notifications for Investigation with Google Gmail API
Investigation ITSM Sync
ServiceNow Investigation 1-way Sync to ITSM Incidents
Investigation Service Now MultiTeam Sync
Investigation ServiceNow MultiTeam Sync
Investigation SIR Sync
ServiceNow Investigation Sync to Security Incident Response
Investigation SMAX Sync
Taegis Investigation sync to Microfocus SMAX ticket
Investigations Email Report
Email report about Taegis Investigations
iSensor Block
Block (shun) a specific IP address on a Secureworks iSensor
iSensor Firewall Modification
Perform various iSensor firewall related actions
iSensor Unblock
Unblock (unshun) a specific IP address on a Secureworks iSensor
Jira Alert Issue
Create an Atlassian Jira Issue based on a Taegis XDR Alert
Jira Investigation Issue
Create an Atlassian Jira Issue based on a Taegis XDR Investigation
Jira Investigation Sync
Sync Jira issue with Security Response Investigations
JupiterOne Investigation AWS Instance Enrichment
Enrich an investigation with AWS instance context from JupiterOne
Look Up User Google Workspace Admin SDK API
Look up a user using Google Workspace Admin SDK API
ManageEngine ServiceDesk Plus Alert
Playbook used to create Requests with ManageEngine Service Desk Plus from Taegis XDR Alerts
ManageEngine ServiceDesk Plus Investigation Sync
Playbook used to sync Investigations with ManageEngine Service Desk Plus Requests
Mark TenantLabel Information Playbook
Mark Dumps TenantLabel Information
MD ATP - Block Filehash Globally
Microsoft Defender ATP Block Filehash Globally
MD ATP - Host Response Action
Perform various response actions against a Microsoft Defender host
4 enabled | 0 disabled
MD ATP - Isolate
Microsoft Defender ATP Isolate
MD ATP - Single Endpoint Filehash Block
Microsoft Defender ATP Block Filehash on a Single Endpoint
MD ATP - Undo Isolate Host
Microsoft Defender ATP Undo Isolate Host
MDE - Global Indicator Activities
Microsoft Defender for Endpoint Global Indicator Activities
2 enabled | 4 disabled
Microsoft 365 Defender Alert Status Sync
Sync Microsoft 365 Defender Alert Status with Taegis XDR Alert Status
Microsoft Identity Protection Activities for Risky User
Update Microsoft Entra user's risk level (Microsoft Identity Protection Risky User) based on the status of a Taegis XDR Alert.
Update Microsoft Entra user's risk state (Microsoft Identity Protection Risky User) via Taegis XDR User Entity.
Microsoft Teams Notification
Send a Microsoft Teams notification via webhook
Notifications via Google Workspace Chat
Send Taegis notifications to Google Workspace Chat webhook
OpenAI Enrich Investigation
Enrich the key findings of an investigation via OpenAI
OPNsense Activities
Block and unblock IP in OPNsense
Opsgenie XDR Alert
Create an Atlassian Opsgenie Alert or Incident based on a Taegis XDR Alert
Opsgenie XDR Investigation
Create an Atlassian Opsgenie Alert or Incident based on a Taegis XDR Investigation
PagerDuty Alert Event
Send a PagerDuty Event based on a Taegis XDR Alert
PagerDuty Investigation Event
Send a PagerDuty Event based on a Taegis XDR Investigation
PagerDuty Investigation Sync
Sync PagerDuty incidents with Security Response Investigations
Palo Alto Networks PAN-OS Block/Unblock
Block and unblock IP/CIDR or Domain in Palo Alto Networks PAN-OS
RC - Isolate
Red Cloak Isolate
RC - Undo Isolate Host
Red Cloak Undo Isolate Host
RC Disable Process Disruption
Disable a disrupt process (block filehash) rule in RedCloak
RC Process Disruption
Disrupt process (block filehash) in RedCloak
Reactivate User Google Workspace Admin SDK API
Reactivate a user using Google Workspace Admin SDK API
Salesforce Slack Notification
Send a Salesforce Slack Notification via Webhook
SCADAfence Platform Investigation Enrichment
Enrich a Taegis Investigation with SCADAfence alert/asset details
Send Notification Message
Send a notification message to a supported messaging platform
Sentinel One Threat Mitigation Response Actions
Perform Threat Mitigation response actions against Taegis Alerts
SentinelOne - Host Response Actions
Perform various response actions against a SentinelOne agent
ServiceNow Bidirectional Investigation Sync (Inbound)
Update a Taegis Investigation based on data provided by ServiceNow
ServiceNow Bidirectional Investigation Sync (Outbound)
Sync an investigation with ServiceNow utilizing Import Sets
Suspend User Google Workspace Admin SDK API
Suspend a user using Google Workspace Admin SDK API
Taegis Agent - Isolate
Taegis Agent Isolate
Taegis Agent - Restore
Taegis Agent Restore from isolation
Update Investigation with Azure AD User Detail
Update Investigation with Endpoint Summary
Update Investigation with IPQualityScore Result
Update Investigation with Network Flow Summary
Update Investigation with Retrieved eMail
Update Investigation with Taegis VDR Result
Update Investigation with VPNAPI.io Result
Update Investigation with ZenQuotes
Update ServiceNow User
Generic ServiceNow user update
Update Taegis Investigation
Allow for updating an existing Taegis investigation
xMatters Webhook Alert
Trigger an xMatters event from an Alert via Webhook
xMatters Webhook Investigation
Trigger an xMatters event from an Investigation via Webhook
Zendesk Investigation Sync
Sync XDR Investigations with Zendesk incidents
1036 Total executions from 2024/01/29 09:45:45 UTC to 2024/02/28 09:45:45 UTC
53 Failed executions from 2024/01/29 09:45:45 UTC to 2024/02/28 09:45:45 UTC
981 Completed executions from 2024/01/29 09:45:45 UTC to 2024/02/28 09:45:45 UTC
2 Canceled executions from 2024/01/29 09:45:45 UTC to 2024/02/28 09:45:45 UTC