Playbook Overview

Ransomware Incident Response Solution
Attack Link Analysis Alert Notification
HSS Isolation and Killing of Malware
Automatic Renaming of Alert Names
Auto High-Risk Vulnerability Notification
Automatic Notification of High-Risk Alerts
Real-time Notification of Critical Organization and Management Operations
SecMaster WAF Address Group Association Policy
Application Defense Alarms Are Associated With Historical Handling Information
Network Defense Alarms Are Associated With Historical Handling Information
Extracting Indicators from Alerts (Fetching Indicator from alert)
Automatic Closing of Repeated Alerts (Automatic closing of repeated alerts)
Alert IP Metric Labeling (Add the IP indicator tag to the alert)
Asset Protection Status Statistics Notification
HSS Alert Synchronization (Synchronization of HSS alert status)
Host Vulnerability Notification (Notification on host asset risk statistics)
Mining Host Isolation (Mining host isolation)
Ransomware Host Isolation (Ransomware host isolation)
Host Defense Alarms Are Associated With Historical Handling Information (HostDefenseAlarmsAreAssociatedWithHistoricalHandlingInformation)
Empty WAF Policy Deletion (WAF clear Non-domain Policy)
Identity Defense Alerts Associated with Historical Handling Information (IdentityWithHistoricalHandlingInformation)
Auto Notification of Unclosed Alerts (Alerts statistics Notify)
Automatic Blocking of High-Risk Alerts (AutomaticSecurityBlockingOfHig-riskAlarms)
Auto Handling of HSS Rootkit Attacks (Automated handling of host Rootkit event attacks)
Synchronizing WAF Blacklisted IP Addresses to Indicators (WAF synchronizes black IP addresses to intelligence)
CFW Synchronizes Black IP Addresses to Intelligence (CFW Synchronizes Black IP Addresses to Intelligence)
IP Indicator Association (The IP intelligence association)
Automatic Handling of HSS Web Shell Attacks (Automated handling of host rebound Shell attacks)
Automatic Closing of Low-Risk Alerts (Automatic shutdown of low-risk alarms)
New Server Protection Status Notification (Add Host Asset Protection Status Notification)
Web Login Brute-force Attack Interception (Web login Burst Interception)
HSS High-Risk Alarm Interception Notification
Credential Leak Response
Automatic Handling of High-Risk WAF Alerts (Automatic handling of high-risk WAF Alert)
Abnormal AccessKey Leakage Risk Scanning

Previous topic: Directory Customization

Next topic: Ransomware Incident Response Solution

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot