Help Center/ SecMaster/ User Guide/ How to Use Playbooks/ Automatic Renaming of Alert Names/ Overview

Updated on 2024-04-11 GMT+08:00

View PDF

Overview

Scenario

SecMaster provides a built-in playbook that can automatically rename alert names. You can customize alert names with this playbook to meet your needs.

How the Playbook Works

The Automatic renaming of alarm names playbook has matched the Automatic renaming of alarm names workflow. To configure this playbook, you need to configure the matched workflow and plug-ins the workflow uses.

The Automatic renaming of alarm names workflow has four plug-in nodes, one for obtaining alert type IDs, one for obtaining alert details, the SecMasterBiz node, and one for updating alert names. In this workflow, you only need to configure the SecMasterBiz node. This node is used to customize alert names.

Figure 1 Automatic renaming of alarm names workflow

Limitations and Constraints

Currently, only names for web shell attack alerts can be modified.

Verification

The following figure shows default alert names.

Figure 2 Before processing

The following figure shows customized alert names.

Figure 3 After processing

Parent topic: Automatic Renaming of Alert Names

Previous topic: Automatic Renaming of Alert Names

Next topic: Configuring and Enabling the Playbook

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.