The automation Playbooks allow you to minimize response time and cut down on mundane manual labor by automating remediation tasks based on business and security conditions.
Creating a new Playbook
To create a new Playbook:
Click “Create new Playbook”.
Give your new Playbook a meaningful, unique name. Optionally also give it a description.
Add conditions on vulnerabilities and assets. The automation will only affect vulnerabilities and assets matching these criteria.
Use the Threats condition to create automation based on Threat Tags and Attack Vectors, such as Threat Intelligence tags by Mandiant or Recorded Future.
Use the switch to choose whether to run the automation on existing vulnerabilities or only on future vulnerabilities to come.
Add one or more Remediation actions. These are identical to the actions you can perform manually on a vulnerability. These actions will trigger when a new vulnerability is discovered.
Optionally, also add SLA breach actions. These actions will only trigger once a vulnerability has breached its SLA as configured on the Settings page.
When you are done, click Save and Run.
Creating a new Playbook from a Suggested Playbook
To create a new Playbook from a Suggested Playbook, click one of the Suggested Playbooks, modify it and click “Save”.
Modifying a Playbook
To view or edit an existing Playbook:
Go to Automation
Find your Playbook on the list and click on it.
Edit as needed and then click Save and Run.
Managing a Playbook
Go to Automation
Find your Playbook on the list and hover over it to make the toolbox visible.
You can pause, delete, duplicate, view actions, and view the activity log of the playbook.
Click here to learn more about monitoring Playbook Actions.
You can decide to trigger the playbook on existing vulnerabilities or run it only on new ones.
Playbooks run after any configurational change, as well as twice a day (scheduled).
Each Playbook is independent; it will trigger based on the conditions set regardless of other playbooks configured that were executed before or will execute after.