risk_notable_import_data.yml

name: Risk Notable Import Data
id: 020edc96-ff2b-48b0-9f6f-23da3783fd63
version: 1
date: "2021-10-22"
author: Kelby Shelton, Splunk
type: Investigation
description: This playbook gathers all of the events associated with the risk notable and imports them as artifacts. It also generates a custom markdown formatted note.
playbook: risk_notable_import_data
how_to_implement: For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
references:
- https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
- http://docs.splunk.com/Documentation/ES/6.6.2/Admin/Configurecorrelationsearches#Use_security_framework_annotations_in_correlation_searches
app_list:
- Splunk
tags:
  labels:
  - risk_notable
  playbook_outputs:
  - note_title
  - note_content
  platform_tags:
  - Risk Notable
  playbook_type: Automation
  vpe_type: Modern
  playbook_fields:
  - event_id
  - info_min_time
  - info_max_time
  - risk_object
  - risk_object_type
  product:
  - Splunk SOAR