Integrate a SOAR playbook for NetApp Ransomware Resilience
Suggest changes
PDFs
Ransomware Resilience offers security orchestration, automation, and response (SOAR) playbooks that enable you to automate tasks such as threat response.
Ransomware Resilience playbooks offer the following capabilities:
-
Block a user*
-
Create a snapshot of a volume
-
Enrich an IP address with threat intelligence
-
Enrich storage information for a given agent and system
-
Take a volume offline for incident response
-
Test connectivity
-
Review the status of an enrichment job
* Blocking a user is only supported for Splunk and Google SecOps SOAR playbooks. You must have configured user behavior detection on a supported system to block a user.
Playbooks
Ransomware Resilience offers playbooks for Google SecOps, Microsoft Sentinel, and Splunk. Review the respective GitHub pages for setup details.
|
For Splunk Cloud, you must be running platform version 7.0, 7.1, 7.2, 8.0, or 8.4. For more information, see Splunkbase. |
|
|
For Azure NetApp Files systems, review the limitations for Azure NetApp Files with SOAR. |