Configuring Playbooks
Scenarios
This topic describes how to configure the playbook. After you configure this playbook, once this playbook discovers that attacks are approaching servers, it notifies operations personnel.
Prerequisites
- You have enabled access to HSS and WAF alerts on the
You have enabled the function to automatically convert logs into alerts for HSS and WAF. For details about how to enable HSS and WAF alert access in SecMaster, see Data Integration.
.
- On the Resource Manager page in the current SecMaster workspace, click an asset name. On the asset details page displayed, associate the website asset with the server asset.
Step 1: Create and Subscribe to a Topic
- Log in to the management console.
- In the upper left corner of the page, click and choose .
- Create a topic.
- In the navigation pane on the left, choose Create Topic. . In the upper right corner of the displayed page, click
- In the Create Topic dialog box displayed, configure topic information and click OK.
- Topic Name: SecMaster-Notification is recommended.
- Display Name: SecMaster notification topic is recommended.
- Retain the default settings for other parameters.
- Add a subscription.
- On the Topics page, locate the row that contains the SecMaster-Notification topic and click Add Subscription in the Operation column.
- On the displayed Add Subscription slide-out panel, configure subscription information and click OK.
- Protocol: Select Email.
- Endpoint: Enter the email address of the subscription endpoint, for example, username@example.com.
Step 2: Configure and Enable the Playbook
- Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the navigation pane on the left, choose Security Orchestration > Playbooks.
Figure 2 Accessing the Playbooks tab
- On the Playbooks page, locate the row that contains the Attack link analysis alert notification playbook and click Enable in the Operation column.
- In the dialog box displayed, select the initial playbook version v1 and click OK.
Implementation Effect
After the attack link analysis notification playbook is executed, server assets and the website assets will be associated based on corresponding HSS and WAF alerts.
Comments on the corresponding alert added to the playbook
Alert notification email sent to specified personnel
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.