Please enter your information below to gain access to: IRI DarkShield Remediation Playbook for Splunk Phantom
This playbook, which you can modify, launches the DarkShield CLI utility to mask unprotected files that were found in a DarkShield search and indexed in Splunk Enterprise (Security). The playbook uses a qualifier in a Splunk search through the DarkShield search log, that triggers the remediation when a certain number of unprotected files were found.