Updated links in playbook yamls

ljstella · ljstella · commit e2b479c16fcb · 2025-06-24T11:27:20.000-05:00
diff --git a/playbooks/risk_notable_block_indicators.yml b/playbooks/risk_notable_block_indicators.yml
@@ -1,25 +1,25 @@
 name: Risk Notable Block Indicators
 id: 000edc96-ff2b-48b0-9f6f-83da3783fd63
 version: 1
-date: "2021-10-22"
+date: '2021-10-22'
 author: Kelby Shelton, Splunk
 type: Response
 description: This playbook handles locating indicators marked for blocking and determining if any blocking playbooks exist. If there is a match to the appropriate tags in the playbook, a filter block routes the name of the playbook to launch to a code block.
 playbook: risk_notable_block_indicators
-how_to_implement: For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
+how_to_implement: For detailed implementation see https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
 references:
-- https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack#Call_child_playbooks_with_the_dynamic_playbook_system
-- https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack#Indicator_tagging_system
+  - https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/build-playbooks-compatible-with-the-dispatch_input_playbooks-utility
+  - https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/use-the-tagging-system-with-the-playbook-pack-for-splunk-soar
 app_list: []
 tags:
   labels:
-  - risk_notable
+    - risk_notable
   playbook_outputs:
-  - note_title
-  - note_content
+    - note_title
+    - note_content
   playbook_type: Automation
   vpe_type: Modern
   platform_tags:
-  - Risk Notable
+    - Risk Notable
   product:
-  - Splunk SOAR
+    - Splunk SOAR
diff --git a/playbooks/risk_notable_enrich.yml b/playbooks/risk_notable_enrich.yml
@@ -1,24 +1,24 @@
 name: Risk Notable Enrich
 id: 010edc96-ff2b-48b0-9f6f-43da3783fd63
 version: 1
-date: "2021-10-22"
+date: '2021-10-22'
 author: Kelby Shelton, Splunk
 type: Investigation
 description: This playbook collects the available Indicator data types within the event as well as available investigative playbooks. It will launch any playbooks that meet the filtered criteria.
 playbook: risk_notable_enrich
-how_to_implement: For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
+how_to_implement: For detailed implementation see https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
 references:
-- https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack#Call_child_playbooks_with_the_dynamic_playbook_system
+  - https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/build-playbooks-compatible-with-the-dispatch_input_playbooks-utility
 app_list: []
 tags:
   labels:
-  - risk_notable
+    - risk_notable
   playbook_outputs:
-  - note_title
-  - note_content
+    - note_title
+    - note_content
   playbook_type: Automation
   vpe_type: Modern
   platform_tags:
-  - Risk Notable
+    - Risk Notable
   product:
-  - Splunk SOAR
+    - Splunk SOAR
diff --git a/playbooks/risk_notable_import_data.yml b/playbooks/risk_notable_import_data.yml
@@ -1,32 +1,32 @@
 name: Risk Notable Import Data
 id: 020edc96-ff2b-48b0-9f6f-23da3783fd63
 version: 1
-date: "2021-10-22"
+date: '2021-10-22'
 author: Kelby Shelton, Splunk
 type: Investigation
 description: This playbook gathers all of the events associated with the risk notable and imports them as artifacts. It also generates a custom markdown formatted note.
 playbook: risk_notable_import_data
-how_to_implement: For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
+how_to_implement: For detailed implementation see https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
 references:
-- https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
-- http://docs.splunk.com/Documentation/ES/6.6.2/Admin/Configurecorrelationsearches#Use_security_framework_annotations_in_correlation_searches
+  - https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
+  - http://docs.splunk.com/Documentation/ES/6.6.2/Admin/Configurecorrelationsearches#Use_security_framework_annotations_in_correlation_searches
 app_list:
-- Splunk
+  - Splunk
 tags:
   labels:
-  - risk_notable
+    - risk_notable
   playbook_outputs:
-  - note_title
-  - note_content
+    - note_title
+    - note_content
   platform_tags:
-  - Risk Notable
+    - Risk Notable
   playbook_type: Automation
   vpe_type: Modern
   playbook_fields:
-  - event_id
-  - info_min_time
-  - info_max_time
-  - risk_object
-  - risk_object_type
+    - event_id
+    - info_min_time
+    - info_max_time
+    - risk_object
+    - risk_object_type
   product:
-  - Splunk SOAR
+    - Splunk SOAR
diff --git a/playbooks/risk_notable_investigate.yml b/playbooks/risk_notable_investigate.yml
@@ -1,21 +1,21 @@
 name: Risk Notable Investigate
 id: 030edc96-ff2b-48b0-9f6f-03da3783fd63
 version: 1
-date: "2021-10-22"
+date: '2021-10-22'
 author: Kelby Shelton, Splunk
 type: Investigation
 description: This playbook checks for the presence of the Risk Investigation workbook and updates tasks or leaves generic notes.
 playbook: risk_notable_investigate
-how_to_implement: For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
+how_to_implement: For detailed implementation see https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
 references:
-- https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
+  - https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
 app_list: []
 tags:
   labels:
-  - risk_notable
+    - risk_notable
   playbook_type: Automation
   vpe_type: Modern
   platform_tags:
-  - Risk Notable
+    - Risk Notable
   product:
-  - Splunk SOAR
+    - Splunk SOAR
diff --git a/playbooks/risk_notable_merge_events.yml b/playbooks/risk_notable_merge_events.yml
@@ -1,24 +1,24 @@
 name: Risk Notable Merge Events
 id: 040edc96-ff2b-48b0-9f6f-53da3783fd63
 version: 1
-date: "2021-10-22"
+date: '2021-10-22'
 author: Kelby Shelton, Splunk
 type: Investigation
 description: This playbook finds related events based on key fields in a risk notable and allows the user to process the results and decide which events to merge into the current investigation.
 playbook: risk_notable_merge_events
-how_to_implement: For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
+how_to_implement: For detailed implementation see https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
 references:
-- https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
+  - https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
 app_list: []
 tags:
   labels:
-  - risk_notable
+    - risk_notable
   playbook_outputs:
-  - note_title
-  - note_content
+    - note_title
+    - note_content
   playbook_type: Automation
   vpe_type: Modern
   platform_tags:
-  - Risk Notable
+    - Risk Notable
   product:
-  - Splunk SOAR
+    - Splunk SOAR
diff --git a/playbooks/risk_notable_mitigate.yml b/playbooks/risk_notable_mitigate.yml
@@ -1,21 +1,21 @@
 name: Risk Notable Mitigate
 id: 050edc96-ff2b-48b0-9f6f-63da3783fd63
 version: 1
-date: "2021-10-22"
+date: '2021-10-22'
 author: Kelby Shelton, Splunk
 type: Response
 description: This playbook checks for the presence of the Risk Response workbook and updates tasks or leaves generic notes. The risk_notable_verdict playbooks recommends this playbook as a second phase of the investigation. Additionally, this playbook can be used in ad-hoc investigations or incorporated into custom workbooks.
 playbook: risk_notable_mitigate
-how_to_implement: For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
+how_to_implement: For detailed implementation see https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
 references:
-- https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
+  - https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
 app_list: []
 tags:
   labels:
-  - risk_notable
+    - risk_notable
   playbook_type: Automation
   vpe_type: Modern
   platform_tags:
-  - Risk Notable
+    - Risk Notable
   product:
-  - Splunk SOAR
+    - Splunk SOAR
diff --git a/playbooks/risk_notable_preprocess.yml b/playbooks/risk_notable_preprocess.yml
@@ -1,7 +1,7 @@
 name: Risk Notable Preprocess
 id: 060edc96-ff2b-48b0-9f6f-13da3783fd63
 version: 1
-date: "2021-10-22"
+date: '2021-10-22'
 author: Kelby Shelton, Splunk
 type: Investigation
 description: >-
@@ -10,21 +10,21 @@ description: >-
   2. Posts a link to this container in the comment field of Splunk ES.
   3. Updates the container name, description, and severity to reflect the data in the notable artifact."
 playbook: risk_notable_preprocess
-how_to_implement: For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
+how_to_implement: For detailed implementation see https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
 references:
-- https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
+  - https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
 app_list:
-- "Splunk"
+  - 'Splunk'
 tags:
   labels:
-  - risk_notable
+    - risk_notable
   platform_tags:
-  - Risk Notable
+    - Risk Notable
   playbook_type: Automation
   vpe_type: Modern
   playbook_fields:
-  - event_id
-  - info_min_time
-  - info_max_time
+    - event_id
+    - info_min_time
+    - info_max_time
   product:
-  - Splunk SOAR
+    - Splunk SOAR
diff --git a/playbooks/risk_notable_protect_assets_and_users.yml b/playbooks/risk_notable_protect_assets_and_users.yml
@@ -1,24 +1,24 @@
 name: Risk Notable Protect Assets and Users
 id: 070edc96-ff2b-48b0-9f6f-93da3783fd63
 version: 1
-date: "2021-10-22"
+date: '2021-10-22'
 author: Kelby Shelton, Splunk
 type: Response
 description: This playbook attempts to find assets and users from the notable event and match those with assets and identities from Splunk ES. If a match was found and the user has playbooks available to contain entities, the analyst decides which entities to disable or quarantine.
 playbook: risk_notable_protect_assets_and_users
-how_to_implement: For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
+how_to_implement: For detailed implementation see https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
 references:
-- https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack#Call_child_playbooks_with_the_dynamic_playbook_system
+  - https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/build-playbooks-compatible-with-the-dispatch_input_playbooks-utility
 app_list: []
 tags:
   labels:
-  - risk_notable
+    - risk_notable
   playbook_outputs:
-  - note_title
-  - note_content
+    - note_title
+    - note_content
   playbook_type: Automation
   vpe_type: Modern
   platform_tags:
-  - Risk Notable
+    - Risk Notable
   product:
-  - Splunk SOAR
+    - Splunk SOAR
diff --git a/playbooks/risk_notable_review_indicators.yml b/playbooks/risk_notable_review_indicators.yml
@@ -1,21 +1,21 @@
 name: Risk Notable Review Indicators
 id: 080edc96-ff2b-48b0-9f6f-73da3783fd63
 version: 1
-date: "2021-10-22"
+date: '2021-10-22'
 author: Kelby Shelton, Splunk
 type: Response
 description: This playbook was designed to be called by a user to process indicators that are marked as suspicious within the SOAR platform. Analysts will review indicators in a prompt and mark them as blocked or safe.
 playbook: risk_notable_review_indicators
-how_to_implement: For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
+how_to_implement: For detailed implementation see https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
 references:
-- https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack#Indicator_tagging_system
+  - https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/use-the-tagging-system-with-the-playbook-pack-for-splunk-soar
 app_list: []
 tags:
   labels:
-  - risk_notable
+    - risk_notable
   platform_tags:
-  - Risk Notable
+    - Risk Notable
   playbook_type: Automation
   vpe_type: Modern
   product:
-  - Splunk SOAR
+    - Splunk SOAR
diff --git a/playbooks/risk_notable_verdict.yml b/playbooks/risk_notable_verdict.yml
@@ -1,21 +1,21 @@
 name: Risk Notable Verdict
 id: 090edc96-ff2b-48b0-9f6f-33da3783fd63
 version: 1
-date: "2021-10-22"
+date: '2021-10-22'
 author: Kelby Shelton, Splunk
 type: Response
 description: This playbook locates available playbooks with the response tag and presents them to the analyst. Based on the analyst selection, it will launch its chosen playbook.
 playbook: risk_notable_verdict
-how_to_implement: For detailed implementation see https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack
+how_to_implement: For detailed implementation see https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/get-started-with-the-risk-notable-playbook-pack-for-splunk-soar
 references:
-- https://docs.splunk.com/Documentation/ESSOC/latest/user/Useplaybookpack#Call_child_playbooks_with_the_dynamic_playbook_system
+  - https://help.splunk.com/en/splunk-enterprise-security-8/security-content-update/how-to-use-splunk-security-content/5.8/use-splunk-soar-playbooks-and-workbooks-from-the-risk-notable-playbook-pack/build-playbooks-compatible-with-the-dispatch_input_playbooks-utility
 app_list: []
 tags:
   labels:
-  - risk_notable
+    - risk_notable
   platform_tags:
-  - Risk Notable
+    - Risk Notable
   playbook_type: Automation
   vpe_type: Modern
   product:
-  - Splunk SOAR
+    - Splunk SOAR
