Automation Playground is the area that:
Provides you with a consolidated view of all the automated and on-demand actions executed in SIRP.
Allows you to view the output of any action.
Provides you with a central view of all the artifacts in the system.
Allows you to execute new on-demand Actions without the need to go into (or associate your action’s output with) any container. You can execute any action on any existing or non-existent artifact and view its output in the same view.
Click on the View icon under the Actions column to view the output of the executed action and click on the Delete icon to delete the execution result.
Execute New Action
To execute a new action, click on the “Execute New Action” button. Perform the selections in sequence as explained below:
Application
Click on the dropdown list and select one of the available applications that you want to execute an action on.
Action
Choose one of the available actions within the selected App. For example, if you chose MaxMind from the Application dropdown list, the displayed Actions will include:
get_ip_geolocation
Input
Enter the value as the input of your action.
Artifacts
Artifacts are actionable intelligence or evidence collected before or during an investigation. Artifacts are also known as IOCs (Indicators of Compromise). Some examples of artifacts are IP addresses, hashes, usernames, email addresses, email headers, etc.
This section displays a list of all the artifacts added in SIRP. To access the artifacts, navigate to the Main Menu, select Automation Playground, and click on Artifacts.
You can add a new artifact by clicking on the Add button provided at the top of the page.
Select the appropriate artifact Type, which is used to identify supported actions. Enter the Artifact (value). Select the Validity, which signifies whether the artifact is still valid (malicious) or not. Then click Create. The newly added artifact will appear in the Artifacts list.
Click on the play icon under the Actions column to execute a new action against the artifact.