Automatic Notification of High-Risk Alerts
Playbook Overview
This playbook can automatically notify you of new high-risk alerts after removing repeated ones.
The Automatic notification of high-risk alerts playbook is matched with the Automatic notification of high-risk alerts workflow. This workflow uses Simple Message Notification (SMN) to send notifications, so you need to create a notification topic in SMN and subscribe to it.
Step 1: Create and Subscribe to a Topic
- Log in to the management console.
- In the upper left corner of the page, click and choose .
- Create a topic.
  - In the navigation pane on the left, choose . In the upper right corner of the displayed page, click Create Topic.
  - In the Create Topic dialog box displayed, configure topic information and click OK.
    - Topic Name: SecMaster-Notification is recommended.
    - Display Name: SecMaster notification topic is recommended.
    - Retain the default settings for other parameters.
- Add a subscription.
  - On the Topics page, locate the row that contains the SecMaster-Notification topic and click Add Subscription in the Operation column.
  - On the displayed Add Subscription slide-out panel, configure subscription information and click OK.
    - Protocol: Select Email.
    - Endpoint: Enter the email address of the subscription endpoint, for example, username@example.com.
Step 2: Configure and Enable the Playbook
In SecMaster, the initial version (V1) of the Automatic notification of high-risk alerts workflow is enabled by default. You do not need to manually enable it. The initial version (V1) of the Automatic notification of high-risk alerts playbook is also activated by default. To use it, you only need to enable it.
- Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 2 Workspace management page
- In the navigation pane on the left, choose Security Orchestration > Playbooks.
Figure 3 Accessing the Playbooks tab
- On the Playbooks page, locate the row that contains the Automatic notification of high-risk alerts playbook and click Enable in the Operation column.
- In the dialog box displayed, select the initial playbook version v1 and click OK.
Implementation Effect
The following figure shows an example of the email sent when the playbook is triggered by high-risk alerts.