Help Center/ SecMaster/ User Guide/ Security Orchestration/ Playbooks/ Enabling a Playbook
Updated on 2025-08-11 GMT+08:00
View PDF
Share

Enabling a Playbook

A playbook describes how SecMaster handles a type of security issues. Playbooks express security operations process of SecMaster in the entire security orchestration system.

SecMaster provides some preconfigured playbooks such as Fetching Indicator from alert, Synchronization of HSS alert status, and Automatic disabling of repeated alerts. Most preconfigured playbooks are enabled by default. The following playbooks are enabled by default:

HSS alert status synchronization, automatic notification of high-risk vulnerabilities, historical handling information associated with host defense alarms, SecMaster and WAF address group association policy, historical handling information associated with application defense alarms, historical handling information associated with network defense alarms, automatic closure of repeated alarms, alarm IP metric marking, asset protection status statistics notification, automatic alarm statistics notification, and automatic high-risk alarm notification

If you want to use a playbook that is not enabled, you can enable the initial version of the playbook (V1, activated by default), or modify the playbook and then enable it.

This section describes how to configure and enable a playbook.

Prerequisites

Copying a Playbook Version

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  5. In the navigation pane on the left, choose Security Orchestration > Playbooks.

    Figure 2 Accessing the Playbooks tab

  1. On the Playbooks tab, click Version Management in the Operation column of the playbook.

    Figure 3 Version Management slide-out panel

  2. On the Version Management slide-out panel, in the Version Information area, locate the row containing the desired playbook version, and click Clone in the Operation column.
  3. In the displayed dialog box, click OK.

Editing and Submitting a Playbook Version

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 4 Workspace management page

  5. In the navigation pane on the left, choose Security Orchestration > Playbooks.

    Figure 5 Accessing the Playbooks tab

  6. On the Playbooks tab, click Version Management in the Operation column of the playbook.

    Figure 6 Version Management slide-out panel

  7. On the Version Management slide-out panel, in the Version Information area, locate the row containing the desired playbook version, and click Edit in the Operation column.
  8. On the page for editing a playbook version, edit the version information.
  9. Click OK.
  10. On the Version Management slide-out panel, in the version information area, locate the row containing the desired playbook version, and click Submit in the Operation column.
  11. In the confirmation dialog box, click OK to submit the playbook version.

    • After the playbook version is submitted, Version Status changes to Pending review.
    • After a playbook version is submitted, it cannot be edited. To edit it, create a version or reject it during review.

Reviewing a Playbook Version

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 7 Workspace management page

  5. In the navigation pane on the left, choose Security Orchestration > Playbooks.

    Figure 8 Accessing the Playbooks tab

  6. On the Playbooks tab, click Version Management in the Operation column of the playbook.

    Figure 9 Version Management slide-out panel

  7. On the Version Management slide-out panel, click Review.
  8. On the Review Playbook Version page, enter the review information. Table 1 describes the parameters for reviewing a playbook version.

    Table 1 Parameters for reviewing a playbook version

    Parameter

    Description

    Comment

    Select the review conclusion.

    • Passed: If the playbook version is approved, the status of the workflow version changes to Activated.
    • Reject. If the playbook version is rejected, the status of the workflow version changes to Rejected. You can edit the workflow version and submit it again.

    Reason for Rejection

    This parameter is mandatory when Comment is Reject.

    Enter the review comment. This parameter is mandatory when Reject is selected for Comment.

    If there is only one version available for the current playbook, the version is in the Activated state by default after being approved.

  9. Click OK to complete the playbook version review.

Enabling a Playbook

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 10 Workspace management page

  5. In the navigation pane on the left, choose Security Orchestration > Playbooks.

    Figure 11 Accessing the Playbooks tab

  6. In the Operation column of the target playbook, click Enable.
  7. Select the playbook version you want to enable and click OK.
Parent topic: Playbooks