IBM QRadar SOAR

Playbook Solution to Block Malicious IPs via Email Approval

  • 1.  Playbook Solution to Block Malicious IPs via Email Approval

    Posted Wed July 10, 2024 05:31 AM

    Hi All,

    We have received a requirement from one of our customers and are seeking a playbook solution to block malicious IPs through email approval. The proposed steps are as follows:

    1. An analyst will create a manual incident. Once the artifact is added, an email containing the IP artifacts will be triggered.
    2. This email will be sent to the Single Point of Contact (SPOC) and they don't have SOAR access.
    3. Upon approval of the email by the SPOC, the information will be sent to the SOAR platform, and the IPs will be blocked automatically.

    We would greatly appreciate any suggestions or recommendations you may have to enhance this process.

    Thanks,
    Bhagyesh



    ------------------------------
    Bhagyesh Limbad
    ------------------------------


  • 2.  RE: Playbook Solution to Block Malicious IPs via Email Approval

    Posted Wed July 10, 2024 08:36 AM

    Hi Bhagyesh,

    You should take a look at the "Email Approval Content Pack" available at the IBM App Exchange: https://exchange.xforce.ibmcloud.com/hub/extension/0cba4f17081967f3b875285926fa22ca

    I think it should do what you want to do.



    ------------------------------
    Pierre Dufresne
    ------------------------------