Hi Team,
I'm exploring options to automate the execution of a PowerShell script using variables extracted from a SecOps alert.
The purpose of the script is to validate user credentials that may have been exposed externally by querying LDAP, and to reflect the severity of the incident to the analyst based on the validation results.
Currently, our analysts manually run an on-premises PowerShell LDAP script to perform this validation. Since a SOAR remote agent is already deployed in the on-prem environment, I’m considering leveraging it to trigger the existing script automatically—passing relevant variables from the SecOps alert directly into the script.
This would allow me to build a playbook that fully automates the validation process end-to-end.
I’d appreciate any ideas or recommendations regarding built-in integrations that could support this use case, or alternative approaches that might help streamline and automate the workflow.
Thanks in advance!
Hello @elirazo,
Check out the SSH integration, you may be able to trigger the existing functionality that way.
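To make the SSH suggestion concrete, here is an added example of the kind of on-prem script the remote agent could invoke over SSH. It is not the original poster's script and not a Google SecOps SOAR integration; the DC host name, the NetBIOS domain, the parameter names and the JSON field names are all assumptions for this illustration. It performs exactly one LDAPS bind with the username and candidate password taken from the alert, maps the outcome (including the well-known Active Directory bind sub-codes such as `52e`, `532`, `773`, `775`) to a severity label, and prints one JSON line for the playbook to parse.

```powershell
<#
  Added example, not the original poster's script and not a SOAR integration.
  Validates one possibly exposed credential with a single LDAPS bind and prints a JSON
  verdict the playbook can map to alert severity. The DC host name, NetBIOS domain and
  parameter names below are assumptions made for this example.
#>
param(
    [Parameter(Mandatory = $true)][string]$UserName,   # sAMAccountName taken from the alert
    [Parameter(Mandatory = $true)][string]$Password,   # candidate leaked password taken from the alert
    [string]$LdapServer    = 'dc01.corp.example',      # assumed domain controller (LDAPS endpoint)
    [int]   $LdapPort      = 636,
    [string]$NetbiosDomain = 'CORP'                    # assumed NetBIOS domain name
)

Add-Type -AssemblyName System.DirectoryServices.Protocols

# AD sub-codes that appear in the bind error text ("... AcceptSecurityContext error, data 52e ...").
# 532 and 773 are only returned after the password itself matched, so they still mean "exposed".
$adBindCodes = @{
    '525' = @{ severity = 'Low';    reason = 'user not found in the directory' }
    '52e' = @{ severity = 'Low';    reason = 'password does not match (credential not valid)' }
    '530' = @{ severity = 'Medium'; reason = 'logon not permitted at this time; confirm password separately' }
    '531' = @{ severity = 'Medium'; reason = 'logon not permitted from this host; confirm password separately' }
    '532' = @{ severity = 'High';   reason = 'password correct but expired' }
    '533' = @{ severity = 'Medium'; reason = 'account disabled; password not confirmed' }
    '701' = @{ severity = 'Medium'; reason = 'account expired; password not confirmed' }
    '773' = @{ severity = 'High';   reason = 'password correct, user must change password at next logon' }
    '775' = @{ severity = 'Medium'; reason = 'account locked out, credential could not be tested' }
}

function Test-ExposedCredential {
    param([string]$User, [string]$Pass, [string]$Server, [int]$Port, [string]$Domain)

    $verdict = [ordered]@{
        user             = $User
        credential_valid = $false
        severity         = 'Unknown'
        reason           = ''
        ldap_code        = ''
    }

    $identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port, $true, $false)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
    try {
        $conn.SessionOptions.SecureSocketLayer = $true      # LDAPS only: never send a candidate password in clear
        $conn.SessionOptions.ProtocolVersion  = 3
        $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
        $conn.Credential = New-Object System.Net.NetworkCredential("$Domain\$User", $Pass)
        $conn.Bind()                                         # exactly one attempt: it counts against the lockout policy
        $verdict.credential_valid = $true
        $verdict.severity = 'Critical'
        $verdict.reason   = 'LDAP bind succeeded with the exposed password'
    }
    catch [System.DirectoryServices.Protocols.LdapException] {
        $msg = [string]$_.Exception.ServerErrorMessage
        if ($msg -match 'data ([0-9a-fA-F]+)') {
            $code = $Matches[1].ToLower()
            $verdict.ldap_code = $code
            if ($adBindCodes.ContainsKey($code)) {
                $verdict.severity         = $adBindCodes[$code].severity
                $verdict.reason           = $adBindCodes[$code].reason
                $verdict.credential_valid = ($code -in @('532', '773'))
            } else {
                $verdict.reason = "unmapped AD sub-code $code : $msg"
            }
        } else {
            $verdict.reason = "LDAP error without AD sub-code: $($_.Exception.Message)"
        }
    }
    finally {
        $conn.Dispose()
    }
    return $verdict
}

$verdict = Test-ExposedCredential -User $UserName -Pass $Password -Server $LdapServer -Port $LdapPort -Domain $NetbiosDomain
$verdict | ConvertTo-Json -Compress      # one JSON line on stdout for the SSH action to parse
if ($verdict.severity -eq 'Unknown') { exit 2 }   # non-zero so the playbook can route to manual review
exit 0
```

Two caveats a practitioner would want before wiring this into a playbook. First, every bind is a logon attempt against the account's lockout policy, so the script makes exactly one attempt per alert and should not be looped over a list of candidate passwords. Second, if the SSH action launches `powershell.exe -File` with the password as a command-line argument, that password is visible in process listings and command-line auditing on the Windows host; passing it through stdin or an environment variable set only for that process is safer. The `data 5xx` sub-codes are an Active Directory convention and will not be present when binding to other LDAP servers, in which case the verdict falls through to `Unknown`.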
Hi @elirazo
I saw your question and wanted to help out. While I don't have the exact answer for you, I found another post in the community that might have the solution you're looking for: https://www.googlecloudcommunity.com/gc/SecOps-SOAR/SOAR-Playbook-Customization/m-p/811617
If it doesn't, please feel free to reply back to your post, and we'll do our best to find another resource to assist you.