Receive a webhook from Elastic to initiate the creation of a SIEM case and link alerts. Analyze the IP, add location and enrichment data, query Elasticsearch for related hits, and decide whether to isolate the host.
How it works
Import this story to your tenant, from where you can adapt it to meet your unique needs.