هذه الصفحة غير متوفرة حاليًا بلغتك المحلية. نحن نعمل جاهدين على إضافة المزيد من اللغات. شاكرين تفهمك ودعمك المستمر لنا.
- What's New
- Function Overview
- Service Overview
-
Billing
- Billing Overview
- Billing Modes
- Billing Items
- Billing Examples
- Changing the Billing Mode
- Renewing Your Subscription
- Bills
- About Arrears
- Billing Termination
- Cost Management
-
Billing FAQs
- How Is SecMaster Billed?
- Can I Use SecMaster for Free?
- How Do I Change or Disable Auto Renewal for SecMaster?
- Will SecMaster Be Billed After It Expires?
- How Do I Renew SecMaster?
- Where Can I Unsubscribe from SecMaster?
- Where Can I View the Remaining Quotas of Security Data Collection and Security Data Packages?
- Can I Change the Billing Mode for SecMaster?
- Getting Started
-
User Guide
- Buying SecMaster
- Authorizing SecMaster
- Checking Security Overview
- Workspaces
- Viewing Purchased Resources
-
Security Governance
- Security Governance Overview
- Security Compliance Pack Description
- Authorizing SecMaster to Access Cloud Service Resources
- Subscribing to or Unsubscribing from a Compliance Pack
- Starting a Self-Assessment
- Viewing Security Compliance Overview
- Viewing Evaluation Results
- Viewing Policy Scanning Results
- Downloading a Compliance Report
- Security Situation
- Resource Manager
- Risk Prevention
- Threats
- Security Orchestration
-
Playbook Overview
- Ransomware Incident Response Solution
- Attack Link Analysis Alert Notification
- HSS Isolation and Killing of Malware
- Automatic Renaming of Alert Names
- Auto High-Risk Vulnerability Notification
- Automatic Notification of High-Risk Alerts
- Auto Blocking for High-risk Alerts
- Real-time Notification of Critical Organization and Management Operations
-
Settings
- Data Integration
-
Log Data Collection
- Data Collection Overview
- Data Collection Process
- Adding a Node
- Configuring a Component
- Adding a Connection
- Creating and Editing a Parser
- Adding and Editing a Collection Channel
- Verifying Log Collection
- Managing Connections
- Managing Parsers
- Managing Collection Channels
- Viewing Collection Nodes
- Managing Nodes and Components
- Partitioning a Disk
- Logstash Configuration Description
- Connector Rules
- Parser Rules
- Upgrading the Component Controller
- Customizing Directories
- Permissions Management
- Key Operations Recorded by CTS
-
Best Practices
-
Log Access and Transfer Operation Guide
- Solution Overview
- Resource Planning
- Process Flow
-
Procedure
- (Optional) Step 1: Buy an ECS
- (Optional) Step 2: Buy a Data Disk
- (Optional) Step 3: Attach a Data Disk
- Step 4: Create a Non-administrator IAM User
- Step 5: Configure Network Connection
- Step 6: Install the Component Controller (isap-agent)
- Step 7: Install the Log Collection Component (Logstash)
- (Optional) Step 8: Creating a Log Storage Pipeline
- Step 9: Configure a Connector
- (Optional) Step 10: Configure a Log Parser
- Step 11: Configure a Log Collection Channel
- Step 12: Verify Log Access and Transfer
- Credential Leakage Response Solution
-
Log Access and Transfer Operation Guide
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
- Alert Management
- Incident Management
- Indicator Management
- Playbook Management
- Alert Rule Management
- Playbook Version Management
- Playbook Rule Management
- Playbook Instance Management
- Playbook Approval Management
- Playbook Action Management
- Incident Relationship Management
- Data Class Management
- Workflow Management
- Data Space Management
- Pipelines
- Workspace Management
- Metering and Billing
- Metric Query
- Baseline Inspection
- Appendix
- FAQs
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Buying SecMaster
- Authorizing SecMaster
- Viewing Security Overview
- Workspaces
- Viewing Purchased Resources
-
Security Governance
- Security Governance Overview
- Security Compliance Pack Description
- Authorizing SecMaster to Access Cloud Service Resources
- Subscribing to or Unsubscribing from a Compliance Pack
- Starting a Self-Assessment
- Viewing Security Compliance Overview
- Viewing Evaluation Results
- Viewing Policy Scanning Results
- Downloading a Compliance Report
- Security Situation
- Resource Manager
- Risk Prevention
- Threat Operations
- Security Orchestration
-
Settings
- Data Integration
-
Log Data Collection
- Data Collection Overview
- Adding a Node
- Configuring a Component
- Adding a Connection
- Creating and Editing a Parser
- Adding and Editing a Collection Channel
- Managing Connections
- Managing Parsers
- Managing Collection Channels
- Viewing Collection Nodes
- Managing Nodes and Components
- Partitioning a Disk
- Logstash Configuration Description
- Connector Rules
- Parser Rules
- Upgrading the Component Controller
- Customizing Directories
- Permissions Management
- FAQs
- Change History
-
User Guide (Kuala Lumpur Region)
- Service Overview
- Authorizing SecMaster
- Security Overview
- Workspaces
- Viewing Purchased Resources
- Security Situation
- Resource Manager
-
Risk Prevention
-
Baseline Inspection
- Baseline Inspection Overview
- Creating a Custom Check Plan
- Starting an Immediate Baseline Check
- Viewing Check Results
- Handling Check Results
- Viewing Compliance Packs
- Creating a Custom Compliance Pack
- Importing and Exporting a Compliance Pack
- Viewing Check Items
- Creating a Custom Check Item
- Importing and Exporting Check Items
- Vulnerability Management
- Policy Management
-
Baseline Inspection
-
Threat Operations
- Incident Management
- Alert Management
- Indicator Management
- Intelligent Modeling
- Security Analysis
- Data Delivery
-
Security Orchestration
- Security Orchestration Overview
- Built-in Playbooks
- Security Orchestration Process
- (Optional) Configuring and Enabling a Workflow
- Configuring and Enabling a Playbook
- Operation Object Management
- Playbook Orchestration Management
- Layout Management
- Plug-in Management
- Settings
-
FAQs
-
Product Consulting
- Why Is There No Attack Data or Only A Small Amount of Attack Data?
- Where Does SecMaster Obtain Its Data From?
- What Are the Dependencies and Differences Between SecMaster and Other Security Services?
- What Are the Differences Between SecMaster and HSS?
- How Do I Update My Security Score?
- How Do I Handle a Brute-force Attack?
- Issues About Data Synchronization and Data Consistency
- About Data Collection Faults
-
Product Consulting
- Change History
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Copied.
Enabling a Workflow
A workflow determines how a playbook responds to threats when it is triggered. SecMaster provides some preconfigured workflows, such as WAF one-click unblocking, HSS alert synchronization, and alert metric extraction. The initial version (V1) of a workflow is automatically enabled. You can edit existing workflow versions to create custom workflows.
This topic describes how to configure and enable custom workflows. The procedure is as follows:
- Copy a workflow version.
- Editing and Submitting a Workflow Version
- Review the workflow version.
- Enable the workflow.
Prerequisites
The workflow must have an activated version. For details, see Managing Workflow Versions.
Copying a Workflow Version
- Log in to the management console.
- Click
in the upper part of the page and choose Security > SecMaster. - In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the navigation pane on the left, choose Security Orchestration > Playbooks. On the displayed page, select the Workflows tab.
Figure 2 Workflows tab
- In the Operation column of the target workflow, click More and select Version Management.
Figure 3 Version Management page
- On the Version Management slide-out panel for the workflow, in the Version Information area, locate the row containing the target workflow version, and click Clone in the Operation column.
- In the displayed dialog box, click OK.
Editing and Submitting a Workflow Version
- Log in to the management console.
- Click in the upper part of the page and choose Security > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 4 Workspace management page
- In the navigation pane on the left, choose Security Orchestration > Playbooks. On the displayed page, select the Workflows tab.
Figure 5 Workflows tab
- In the Operation column of the target workflow, click More and select Version Management.
Figure 6 Version Management page
- On the Version Management slide-out panel for the workflow, in the Version Information area, locate the row containing the target workflow version, and click Edit in the Operation column.
- On the workflow canvas, drag basic, workflow, and plug-in nodes from Resource Libraries on the left to the canvas on the right.
Table 1 Resource Libraries parameters Parameter
Description
Basic
Basic Node
StartEvent
The start of the workflow. Each workflow can have only one start node. The entire workflow starts from the start node.
EndEvent
The end of the workflow. Each workflow can have multiple end nodes, but the workflow must end with an end node.
UserTask
When the workflow execution reaches this node, the workflow is suspended and a to-do task is generated.
The subsequent nodes in the workflow continue to be executed only after the user task is completed.
Table 2 describes the manual review parameters.
SubProcess
Another workflow added in the workflow. It is equivalent to the loop body in the workflow.
System Gateway
ExclusiveGateway
For an exclusive, diverging gateway, the workflow chooses only the path that matches the conditional expression to proceed.
For an exclusive, converging gateway, the workflow chooses the path arrives the gateway first to proceed.
ParallelGateway
For a parallel, diverging gateway, the workflow executes all paths arrive the gateway.
For a parallel, converging gateway, the workflow executes the subsequent node only when all paths arrive the gateway. (If one path fails, the entire workflow fails.)
InclusiveGateway
For an inclusive, diverging gateway, the workflow executes all paths that match conditional expressions.
For an inclusive, converging gateway, the workflow executes the subsequent node only when all paths executed during diverging arrive the gateway. (If one path fails, the entire workflow fails.)
Workflows
You can select all released workflows in the current workspace.
Plug-ins
You can select all plug-ins in the current workspace.
Table 2 UserTask parameters Parameter
Description
Primary key ID
A primary key ID is generated by the system. You can change it if needed.
Name
Name of the manual review node.
Valid Till
Time the manual review node expires.
Description
Description of the manual review node.
View Parameters
Click
. On the Select Context pane displayed, select a parameter. To add a parameter, click Add Parameter.Manual Processing Parameters
Input Parameter Key. To add a parameter, click Add Parameter.
- After the design is complete, click Save and Submit in the upper right corner. In the automatic workflow verification dialog box displayed, click OK.
If the workflow verification fails, check the workflow based on the failure message.
Reviewing a Workflow Version
- Log in to the management console.
- Click in the upper part of the page and choose Security > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 7 Workspace management page
- In the navigation pane on the left, choose Security Orchestration > Playbooks. On the displayed page, select the Workflows tab.
Figure 8 Workflows tab
- In the Operation column of the target workflow, click More and select Version Management.
Figure 9 Version Management page
- On the Version Management slide-out panel, click Review in the Operation column of the target workflow.
- Set Comment. Table 3 describes the parameters.
Table 3 Workflow review parameters Parameter
Description
Comment
Select the review conclusion.
- Passed: If the workflow version is approved, the status of the workflow version changes to Activated.
- Reject. If the workflow version is rejected, the status of the workflow version changes to Rejected. You can edit the workflow version and submit it again.
Reason for Rejection
Enter the review comment. This parameter is mandatory when Reject is selected for Comment.
NOTE:
- You can edit a rejected workflow version. For details, see Managing Workflow Versions.
- Workflow version status change:
If the current workflow has only one workflow version, the status of the approved workflow version Status is Activated by default.
- Click OK to complete the workflow version review.
Enabling a Workflow
- Log in to the management console.
- Click in the upper part of the page and choose Security > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 10 Workspace management page
- In the navigation pane on the left, choose Security Orchestration > Playbooks. On the displayed page, select the Workflows tab.
Figure 11 Workflows tab
- In the row containing the target workflow, click Enable in the Operation column.
- In the slide-out panel that is displayed, select the workflow version to be enabled and click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
