Playbooks: An approach or strategy that defines predetermined responses, worked out ahead of time.
A playbook helps you automate and orchestrate your response. It can be run manually or set to run automatically when specific alerts are triggered.
How Playbooks work
A playbook contains a list of tasks (nodes) that are performed in order. While the playbook is enabled, it is triggered each time the specified event occurs, so the same sequence runs repeatedly for every matching event.
Take this example of a conditional case:
1. A new risk is generated.
2. Check whether its priority is high (or any other condition you define).
3. If the condition is true, send an email.
4. Otherwise, post to Slack.
What do you understand by ‘Actions’?
An action is a single step with a defined aim. In Playbooks, actions can be taken against a suspicious alert or a spike in network activity. The actions a user can perform are:
- Email: Notifies the person in charge of that platform.
- AWS Request: Calls AWS APIs from within this action block.
- Azure Request: Same purpose as AWS Request, but calls Azure APIs.
- Condition: Lets you branch on ‘if’ conditions evaluated against the activity.
If the playbook runs successfully, a pop-up notification on the user’s screen reports the success, and the path taken through the playbook is highlighted in green to identify which nodes ran, as shown below:
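As an added example (not code from the original page or from the product it describes), here is a small Python playbook runner that wires the conditional ‘new risk’ case together with Condition, Email and Slack actions, and records the executed path the way the green highlight does. The node names, event fields, email address and Slack channel are assumptions; notifications are recorded rather than sent so it runs offline, and an AWS or Azure Request node would slot in as one more `kind` handled the same way.

```python
"""Minimal playbook runner: ordered nodes, a condition node that branches, and a
record of which nodes ran (the highlighted path) plus the playbook status."""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Optional


@dataclass
class Action:
    """One playbook node. kind is 'email', 'slack' or 'condition'.
    next is the following node (the true branch for a condition);
    otherwise is the false branch, used by condition nodes only."""
    kind: str
    params: Dict[str, Any] = field(default_factory=dict)
    next: Optional[str] = None
    otherwise: Optional[str] = None
    predicate: Optional[Callable[[dict], bool]] = None


@dataclass
class RunResult:
    path: List[str]           # node ids executed, in order (the green path)
    notifications: List[str]  # messages the email/slack nodes would send (dry run)
    status: str               # 'success' or 'failed: <reason>'


def run_playbook(nodes: Dict[str, Action], start: str, event: dict,
                 max_steps: int = 100) -> RunResult:
    """Walk the playbook from start, following next/otherwise links."""
    path: List[str] = []
    notes: List[str] = []
    node_id: Optional[str] = start
    steps = 0
    while node_id is not None:
        steps += 1
        if steps > max_steps:  # guard against a mis-wired playbook that loops
            return RunResult(path, notes, "failed: step limit reached (cycle?)")
        node = nodes.get(node_id)
        if node is None:
            return RunResult(path, notes, f"failed: unknown node {node_id!r}")
        path.append(node_id)
        summary = f"{event.get('title', '?')} (priority={event.get('priority', '?')})"
        if node.kind == "condition":
            if node.predicate is None:
                return RunResult(path, notes, f"failed: condition {node_id!r} has no predicate")
            node_id = node.next if node.predicate(event) else node.otherwise
        elif node.kind == "email":
            notes.append(f"email to {node.params['to']}: {summary}")
            node_id = node.next
        elif node.kind == "slack":
            notes.append(f"slack #{node.params['channel']}: {summary}")
            node_id = node.next
        else:
            return RunResult(path, notes, f"failed: unsupported action {node.kind!r}")
    return RunResult(path, notes, "success")


# Hypothetical playbook for the 'new risk' example: check priority, then
# email on-call for high priority, otherwise post to Slack.
NEW_RISK_PLAYBOOK: Dict[str, Action] = {
    "check_priority": Action("condition",
                             predicate=lambda e: e.get("priority") == "high",
                             next="email_oncall", otherwise="post_slack"),
    "email_oncall": Action("email", {"to": "soc-oncall@example.com"}),
    "post_slack": Action("slack", {"channel": "risk-triage"}),
}


def on_new_risk(event: dict) -> RunResult:
    """Entry point invoked each time a new risk is generated."""
    return run_playbook(NEW_RISK_PLAYBOOK, "check_priority", event)


# Constructed sample events, not real data.
SAMPLE_HIGH = {"title": "Public S3 bucket", "priority": "high"}
SAMPLE_LOW = {"title": "Stale IAM key", "priority": "low"}

if __name__ == "__main__":
    for ev in (SAMPLE_HIGH, SAMPLE_LOW):
        r = on_new_risk(ev)
        print(r.status, "->", " -> ".join(r.path), "|", r.notifications)
```

The `path` list is what a UI would colour green; the step limit and the unknown-node check are the two failure modes a runner needs before it is safe to let a playbook fire automatically on every alert.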