(Optional) Configuring and Enabling a Playbook
By default, SecMaster provides playbooks such as Fetching Indicator from alert, Synchronization of HSS alert status, and Automatic disabling of repeated alerts. Most of playbooks are enabled by default. The following playbooks are enabled by default:
HSS alert status synchronization, automatic notification of high-risk vulnerabilities, historical handling information associated with host defense alarms, SecMaster and WAF address group association policy, historical handling information associated with application defense alarms, historical handling information associated with network defense alarms, automatic closure of repeated alarms, and alarm IP metric marking Asset protection status statistics notification, automatic alarm statistics notification, and automatic high-risk alarm notification
If you want to use a playbook that is not enabled, you can enable the initial version of the playbook (V1, activated by default), or modify the playbook and then enable it.
This section describes how to configure and enable a playbook.
Enabling a Playbook of the Initial Version
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the navigation pane on the left, choose Security Orchestration > Playbooks.
Figure 2 Accessing the Playbooks tab
- In the Operation column of the target playbook, click Enable.
- Select the playbook version to be enabled and click OK.
Enabling a Playbook of a Custom Version
Accessing the Playbook Version Management Page
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 3 Workspace management page
- In the navigation pane on the left, choose Security Orchestration > Playbooks.
Figure 4 Accessing the Playbooks tab
Copying a Playbook Version
- In the Operation column of the target playbook, click Versions.
Figure 5 Version Management slide-out panel
- On the Version Management slide-out panel, in the Version Information area, locate the row containing the desired playbook version, and click Clone in the Operation column.
- In the displayed dialog box, click OK.
Editing and Submitting a Playbook Version
- On the Version Management slide-out panel, in the Version Information area, locate the row containing the desired playbook version, and click Edit in the Operation column.
- On the page for editing a playbook version, edit the version information.
- Click OK.
Submitting a Playbook Version
- On the Version Management slide-out panel, in the Version Information area, locate the target playbook version, and click Submit in the Operation column.
- Click OK.
Reviewing a Playbook Version
- On the Version Management slide-out panel for the playbook, click Review in the Operation column of the target playbook.
- On the displayed page, set Comment to Passed and click OK.
Activating a Playbook Version
- On the Version Management slide-out panel, in the Version Information area, locate the row of the target playbook version, and click Activate in the Operation column.
Enabling a Playbook
Some playbooks have been enabled by default. You can enable other ones based on your needs. The procedure is as follows:
- On the Playbooks tab, locate the target playbook and click Enable in the Operation column.
- In the slide-out panel, select the playbook version you want to enable and click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot