Create a 4me Problem or Request based on a Taegis XDR Alert

Create a 4me Problem or Request based on a Taegis XDR Investigation

Sync 4me Problem or Request with Security Response Investigations

Activities for Microsoft 365 Defender Alerts
Change Password At Log On for an AD user using the LDAP(S) Protocol

Deactivate Change Password At Log On for an AD user using the LDAP(S) Protocol

Disable User account for an AD using the LDAP(S) Protocol

Enable User account for an AD using the LDAP(S) Protocol

Change Password for an AD/LDAP user using the LDAP(S) Protocol

Look up an AD/LDAP user using the LDAP(S) Protocol

Send email notifications for alerts

Send email notifications for alerts with Google Gmail API

ServiceNow Alert to ITSM Incident Sync

ServiceNow Alert to Security Incident Sync

Amazon Web Services Disable User Access Keys

Disable AWS Console login for a specific user

Remove MFA Device for a specific AWS user

Amazon Web Services Enable User Access Keys

AWS Console create a new login profile with a predefined password for a specific user

Look up an Amazon Web Services User

Block/unblock an IP address in AWS WAF
Block/unblock an IP address in AWS WAF

Block/unblock an IP address in AWS WAF

Automatically change password at log on for all users in an alert using the LDAP(S) Protocol

Automatically disable all users in an alert using the LDAP(S) Protocol

Automatically disable all users in an alert using the Microsoft Graph API

Automatically force a password reset on all users in an alert using the Microsoft Graph API

Automated Action Isolate Host Red Cloak

Automated Action Isolate Host Taegis Agent

Disable Azure AD user account using the Microsoft Graph API

Enable Azure AD user account using the Microsoft Graph API

Force a password reset on an Azure AD user account using the Microsoft Graph API

Look up an Azure AD user using the Microsoft Graph API

Enrich the key findings of an investigation via Azure OpenAI

Carbon Black EDR (Endpoint Detection and Response) Block Filehash

Carbon Black EDR (Endpoint Detection and Response) Unblock Filehash

VMware Carbon Black Cloud Isolate

VMware Carbon Black Cloud Undo Isolate Host

Enable Change Password At Next Login for a user using Google Workspace Admin SDK API

Change Password of a user using Google Workspace Admin SDK API

Block and unblock resources in Cisco Meraki

Send Taegis Investigation Comments via an Email

Send Taegis Investigation Comments To Mattermost

Send Taegis Investigation Comments To Microsoft Teams

Send Taegis Investigation Comments To Salesforce Slack

Send Taegis Investigation Comments To ServiceNow WorkNote

Create a Cortex XSOAR Incident based on a Taegis XDR Alert
Sync XDR investigations to Cortex XSOAR incidents

Create XDR Investigations from Alerts

Create ServiceNow User

CrowdStrike Falcon Endpoint Protection Isolate

CrowdStrike Falcon Endpoint Protection Undo Isolate Host

Deactivate Change Password At Next Login for a user using Google Workspace Admin SDK API

Deactivate ServiceNow User

Automatically force a password reset on all users in an alert using the Microsoft Graph API

Automatically force session revocation on all users in an alert using the Microsoft Graph API

Automated respond

Look up an Azure AD user using the Microsoft Graph API
For development of AO custom playbook. Do not use.
Identify endpoints/networks associated with an investigation

This playbook can be used to add/remove tags to any number of endpoints.

Allow running Endpoint Tagging playbooks multiple times for different criteria

Enables the Block Domain response action

Enables the Block File Hash response action on file hashes

Enables the Block IP response action on IP addresses

Confirm User As Compromised

Dismiss User As Compromised

Initiate Antivirus Scan on Asset

Enables the Isolate Host response action on hosts

Enables the UnBlock Domain response action

Enables the UnBlock File Hash response action on file hashes

Enables the UnBlock IP response action on IP addresses

Enables the UnIsolate Host response action on hosts

Create an EverBridge Incident based on a Taegis XDR Alert

Create an EverBridge Incident based on a Taegis XDR Investigation

Sync Taegis investigations with Freshdesk incidents

Create a Freshservice Ticket based on a Taegis Alert

Sync Taegis investigations with Freshservice tickets

Create a Freshservice Ticket based on a Taegis Investigation

Post all inputs to a webhook URL

Sync XDR Investigations with Halo ITSM incidents

Create Taegis Investigations from Health Events

Sync Investigations to CrowdStrikeFalcon Incidents

Send email notifications for investigations

Send email notifications for Investigation with Google Gmail API

ServiceNow Investigation 1-way Sync to ITSM Incidents

Investigation ServiceNow MultiTeam Sync

ServiceNow Investigation Sync to Security Incident Response

Taegis Investigation sync to Microfocus SMAX ticket

Email report about Taegis Investigations

Block (shun) a specific IP address on a Secureworks iSensor

Perform various iSensor firewall related actions

Unblock (unshun) a specific IP address on a Secureworks iSensor

Create an Atlassian Jira Issue based on a Taegis XDR Alert

Create an Atlassian Jira Issue based on a Taegis XDR Investigation

Sync Jira issue with Security Response Investigations

Enrich an investigation with AWS instance context from JupiterOne

Look up a user using Google Workspace Admin SDK API

Playbook used to create Requests with ManageEngine Service Desk Plus from Taegis XDR Alerts

Playbook used to sync Investigations with ManageEngine Service Desk Plus Requests

Mark Dumps TenantLabel Information
Microsoft Defender ATP Block Filehash Globally

Perform various response actions against a Microsoft Defender host

Microsoft Defender ATP Isolate

Microsoft Defender ATP Block Filehash on a Single Endpoint

Microsoft Defender ATP Undo Isolate Host

Microsoft Defender for Endpoint Global Indicator Activities

Sync Microsoft 365 Defender Alert Status with Taegis XDR Alert Status

Update Microsoft Entra user's risk level (Microsoft Identity Protection Risky User) based on the status of a Taegis XDR Alert.
Update Microsoft Entra user's risk state (Microsoft Identity Protection Risky User) via Taegis XDR User Entity.

Send a Microsoft Teams notification via webhook

Send Taegis notifications to Google Workspace Chat webhook

Enrich the key findings of an investigation via OpenAI

Block and unblock IP in OPNsense
Create an Atlassian Opsgenie Alert or Incident based on a Taegis XDR Alert

Create an Atlassian Opsgenie Alert or Incident based on a Taegis XDR Investigation

Send a PagerDuty Event based on a Taegis XDR Alert

Send a PagerDuty Event based on a Taegis XDR Investigation

Sync PagerDuty incidents with Security Response Investigations

Block and unblock IP/CIDR or Domain in Palo Alto Networks PAN-OS

Red Cloak Isolate

Red Cloak Undo Isolate Host

Disable a disrupt process (block filehash) rule in RedCloak

Disrupt process (block filehash) in RedCloak

Reactivate a user using Google Workspace Admin SDK API

Send a Salesforce Slack Notification via Webhook

Enrich a Taegis Investigation with SCADAfence alert/asset details

Send a notification message to a supported messaging platform

Perform Threat Mitigation response actions against Taegis Alerts

Perform various response actions against a SentinelOne agent

Update a Taegis Investigation based on data provided by ServiceNow

Sync an investigation with ServiceNow utilizing Import Sets

Suspend a user using Google Workspace Admin SDK API

Taegis Agent Isolate

Taegis Agent Restore from isolation

Update Investigation with Azure AD User Detail

Update Investigation with Endpoint Summary

Update Investigation with IPQualityScore Result

Update Investigation with Network Flow Summary

Update Investigation with Retrieved eMail

Update Investigation with Taegis VDR Result

Update Investigation with VPNAPI.io Result

Update Investigation with ZenQuotes

Generic ServiceNow user update

Allow for updating an existing Taegis investigation

Trigger an xMatters event from an Alert via Webhook

Trigger an xMatters event from an Investigation via Webhook

Sync XDR Investigations with Zendesk incidents