Help Center> SecMaster> User Guide> Security Orchestration> (Optional) Configuring and Enabling a Playbook
Updated on 2024-06-07 GMT+08:00

(Optional) Configuring and Enabling a Playbook

By default, SecMaster provides playbooks such as Fetching Indicator from alert, Synchronization of HSS alert status, and Automatic disabling of repeated alerts. Most of playbooks are enabled by default. The following playbooks are enabled by default:

HSS alert status synchronization, automatic notification of high-risk vulnerabilities, historical handling information associated with host defense alarms, SecMaster and WAF address group association policy, historical handling information associated with application defense alarms, historical handling information associated with network defense alarms, automatic closure of repeated alarms, and alarm IP metric marking Asset protection status statistics notification, automatic alarm statistics notification, and automatic high-risk alarm notification

If you want to use a playbook that is not enabled, you can enable the initial version of the playbook (V1, activated by default), or modify the playbook and then enable it.

This section describes how to configure and enable a playbook.

Enabling a Playbook of the Initial Version

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  4. In the left navigation pane, choose Security Orchestration > Playbooks.

    Figure 2 Accessing the Playbooks tab

  5. In the Operation column of the target playbook, click Enable.
  6. Select the playbook version to be enabled and click OK.

Enabling a Playbook of a Custom Version

Accessing the Playbook Version Management Page

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 3 Workspace management page

  4. In the left navigation pane, choose Security Orchestration > Playbooks.

    Figure 4 Accessing the Playbooks tab

Copying a Playbook Version

  1. In the Operation column of the target playbook, click Versions.

    Figure 5 Version Management slide-out panel

  2. On the Version Management slide-out panel, in the Version Information area, locate the row containing the desired playbook version, and click Clone in the Operation column.
  3. In the displayed dialog box, click OK.

Editing and Submitting a Playbook Version

  1. On the Version Management slide-out panel, in the Version Information area, locate the row containing the desired playbook version, and click Edit in the Operation column.
  2. On the page for editing a playbook version, edit the version information.
  3. Click OK.

Reviewing a Playbook Version

  1. After the playbook version is edited and submitted, the playbook management page is displayed. On the Playbooks page, click Version Management in the Operation column of the target playbook.

    Figure 6 Version Management slide-out panel

  2. On the Version Management slide-out panel, click Review in the Operation column of the target playbook.
  3. In the displayed dialog box, set Comment to Passed and click OK.

Enabling a Playbook

  1. On the Version Management slide-out panel, click Enable in the Operation column of the target playbook.
  2. In the slide-out panel, select the playbook version you want to enable and click OK.