Updated on 2024-11-06 GMT+08:00

Configuring and Enabling a Playbook

By default, SecMaster provides playbooks such as Fetching indicator from alert, Synchronization of HSS alert status, and Automatic closing of repeated alerts. The initial version (V1) of the playbooks has been activated. You only need to enable them.

If you need to edit a playbook, you can copy the initial version and edit it.

By default, SecMaster provides playbooks such as Fetching Indicator from alert, Synchronization of HSS alert status, and Automatic disabling of repeated alerts. Most playbooks are enabled by default. The following playbooks are enabled by default:

HSS alarm status synchronization, automatic notification of high-risk alarms, association between application defense alarms and historical handling information, automatic closure of repeated alarms, association between network defense alarms and historical handling information, automatic notification of high-risk vulnerabilities, association between identity defense alarms and historical handling information, alarm IP address metric marking, and association of HSS alarms with historical handling details.

This section describes how to configure and enable a playbook.

Enabling a Playbook of the Initial Version

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  5. In the navigation pane on the left, choose Security Orchestration > Playbooks.

    Figure 2 Accessing the Playbooks tab

  6. In the Operation column of the target playbook, click Enable.
  7. Select the playbook version to be enabled and click OK.

Enabling a Playbook of a Custom Version

Accessing the Playbook Version Management Page

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 3 Workspace management page

  5. In the navigation pane on the left, choose Security Orchestration > Playbooks.

    Figure 4 Accessing the Playbooks tab

Copying a Playbook Version

  1. In the Operation column of the target playbook, click Versions.

    Figure 5 Version Management slide-out panel

  2. On the Version Management slide-out panel, in the Version Information area, locate the row containing the desired playbook version, and click Clone in the Operation column.
  3. In the displayed dialog box, click OK.

Editing and Submitting a Playbook Version

  1. On the Version Management slide-out panel, in the Version Information area, locate the row containing the desired playbook version, and click Edit in the Operation column.
  2. On the page for editing a playbook version, edit the version information.
  3. Click OK.

Submitting a Playbook Version

  1. On the Version Management slide-out panel, in the Version Information area, locate the target playbook version, and click Submit in the Operation column.
  2. Click OK.

Reviewing a Playbook Version

  1. On the Version Management slide-out panel for the playbook, click Review in the Operation column of the target playbook.
  2. On the displayed page, set Comment to Passed and click OK.

Activating a Playbook Version

  1. On the Version Management slide-out panel, in the Version Information area, locate the row of the target playbook version, and click Activate in the Operation column.

Enabling a Playbook

Some playbooks have been enabled by default. You can enable other ones based on your needs. The procedure is as follows:

  1. On the Playbooks tab, locate the target playbook and click Enable in the Operation column.
  2. In the slide-out panel, select the playbook version you want to enable and click OK.