Enabling a Playbook
SecMaster provides response playbooks for cloud security incidents. You can use playbooks to implement efficient and automatic response to security incidents. After data access, you can enable a playbook for automatic responses.
- You can enable the following workflows for playbooks. Built-in workflows are enabled by default.
WAF uncapping, Synchronization of HSS alert status, Fetching indicator from alert, WAF interception, and Automatic closing of repeated alerts.
- You can enable the following playbooks (built-in playbooks have been reviewed and their initial version v1 has been activated by default, so you can enable them directly):
Fetching indicator from alert, Synchronization of HSS alert status, and Automatic closing of repeated alerts
Procedure
- Log in to the management console.
- Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the left navigation pane, choose Security Orchestration > Playbooks.
Figure 2 Accessing the Playbooks tab
- On the playbook page, click Enable in the Operation column of each target playbook.
Figure 3 Enabling a Playbook
- In the displayed dialog box, select the version v1 you want to enable and click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.