Updated on 2024-11-21 GMT+08:00

Security Orchestration Process

This topic describes how Security Orchestration works.

Figure 1 Security Orchestration process
Table 1 Process

| No. | Operation | Description |
|---|---|---|
| 1 | (Optional) Configuring and Enabling a Workflow | Enable the required workflows built in SecMaster.<br><br>SecMaster provides some built-in workflows such as WAF uncapping, Synchronization of HSS alert status, and Fetching indicator from alert. Their initial version (V1) has been activated by default.<br><br>If you need to edit a workflow, you can copy the initial version and edit it. |
| 2 | (Optional) Configuring and Enabling a Playbook | Enable the required playbooks built in SecMaster.<br><br>By default, SecMaster provides playbooks such as Fetching Indicator from alert, Synchronization of HSS alert status, and Automatic disabling of repeated alerts. Most playbooks are enabled by default. The following playbooks are enabled by default:<br><br>HSS alert status synchronization, automatic notification of high-risk vulnerabilities, historical handling information associated with host defense alarms, SecMaster and WAF address group association policy, historical handling information associated with application defense alarms, historical handling information associated with network defense alarms, automatic closure of repeated alarms, alarm IP metric marking, asset protection status statistics notification, automatic alarm statistics notification, and automatic high-risk alarm notification.<br><br>If you want to use a playbook that is not enabled, you can enable the initial version of the playbook (V1, activated by default), or modify the playbook and then enable it. |