Enabling Workflows and Playbooks
Scenarios
SecMaster provides response playbooks for cloud security incidents. After security data has been collected, you can use playbooks to respond to security incidents efficiently and automatically.
The workflows built into SecMaster are enabled by default, so you do not need to enable them manually. The initial versions of the built-in playbooks are also activated by default, so you only need to enable the corresponding playbook. You are advised to enable the playbooks in the following table.
| Playbook Name | Description |
|---|---|
| Automatic closing of repeated alerts | This playbook associates the alerts with the same name and closes the duplicated ones generated within the past seven days. |
| Automatic notification of high-risk alerts | This playbook sends emails or SMS notifications to specified recipients when there are alerts rated as high or fatal. |
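
To preview what the two recommended playbooks would act on before enabling them, the sketch below models the behavior described in the table over constructed alerts and flags closed alerts that sit on a different resource than the one kept open, since association is by name. It is an added example, not SecMaster code: the field names, the sample data, and the choice to keep the earliest alert in each group open are assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=7)           # "generated within the past seven days"
NOTIFY_LEVELS = {"high", "fatal"}    # "alerts rated as high or fatal"
NOW = datetime(2024, 5, 7, 12, 0)    # constructed evaluation time

# Constructed sample alerts; field names are assumptions for this sketch.
ALERTS = [
    {"id": "a1", "name": "Brute-force login", "severity": "High", "resource": "ecs-01", "created": datetime(2024, 5, 1, 9)},
    {"id": "a2", "name": "Brute-force login", "severity": "High", "resource": "ecs-01", "created": datetime(2024, 5, 3, 9)},
    {"id": "a3", "name": "Brute-force login", "severity": "Fatal", "resource": "ecs-02", "created": datetime(2024, 5, 6, 9)},
    {"id": "a4", "name": "Brute-force login", "severity": "High", "resource": "ecs-01", "created": datetime(2024, 4, 20, 9)},
    {"id": "a5", "name": "Web shell detected", "severity": "Medium", "resource": "ecs-03", "created": datetime(2024, 5, 5, 9)},
]


def plan_auto_close(alerts, now):
    """Map the alert kept open to the same-name alerts that would be closed."""
    recent = sorted(
        (a for a in alerts if now - WINDOW <= a["created"] <= now),
        key=lambda a: a["created"],
    )
    groups = {}
    for alert in recent:
        groups.setdefault(alert["name"], []).append(alert)
    # Assumption: the earliest alert in each group stays open.
    return {g[0]["id"]: [a["id"] for a in g[1:]] for g in groups.values() if len(g) > 1}


def closed_on_other_resource(alerts, plan):
    """Closed alerts whose resource differs from the kept alert: review these."""
    by_id = {a["id"]: a for a in alerts}
    return [
        closed
        for kept, closed_ids in plan.items()
        for closed in closed_ids
        if by_id[closed]["resource"] != by_id[kept]["resource"]
    ]


def notify_targets(alerts):
    """Alerts that match the notification playbook's severity condition."""
    return [a["id"] for a in alerts if a["severity"].lower() in NOTIFY_LEVELS]


if __name__ == "__main__":
    plan = plan_auto_close(ALERTS, NOW)
    print("auto-close plan:", plan)
    print("closed on a different resource:", closed_on_other_resource(ALERTS, plan))
    print("would notify:", notify_targets(ALERTS))
```
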
Enabling a Workflow and Playbook
- Log in to the SecMaster console.
- Go to the target workspace.
- In the left navigation pane, choose Security Orchestration > Playbooks.
  Figure 1 Accessing the Playbooks tab
- On the Playbooks tab, filter the Automatic closing of repeated alerts and Automatic notification of high-risk alerts playbooks. If the playbooks are not enabled, click Enable in the Operation column of the row for each playbook.
- In the displayed confirmation dialog box, select the latest playbook version and click OK.
The Automatic notification of high-risk alerts workflow uses Simple Message Notification (SMN) to send notifications. To receive them, you need to create and subscribe to a topic, and configure recipients for the workflow. For details, see Create and Subscribe to a Topic.