Does any workflow available for disabling users in active directory when the detection rule Suspicious authentication Non-approved country triggered

workflow for disabling user in active directory when detection rule from detection rule library was triggered

Create a new workflow
Select Trigger: “InsightIDR Detection Rule”
Select “Ingress Auth”
Click “Add Detection Rule”
Select the rule you want (eg the Non-approved countries)

Build the rest of your workflow (disable user etc)