Updated on 2024-10-29 GMT+08:00

Configuring and Enabling a Playbook

By default, SecMaster provides playbooks such as Fetching indicator from alert, Synchronization of HSS alert status, and Automatic closing of repeated alerts. The initial version (V1) of the playbooks has been activated. You only need to enable them.

If you need to edit a playbook, you can copy the initial version and edit it.

This section describes how to configure and enable a playbook.

Enabling a Playbook of the Initial Version

  1. Log in to the management console.
  2. Click in the upper part of the page and choose Security > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
  4. In the navigation pane on the left, choose Security Orchestration > Playbooks.
  5. In the Operation column of the target playbook, click Enable.
  6. Select the playbook version to be enabled and click OK.

Enabling a Playbook of a Custom Version

Accessing the Playbook Version Management Page

  1. Log in to the management console.
  2. Click in the upper part of the page and choose Security > SecMaster.
  3. In the navigation pane on the left, choose Security Orchestration > Playbooks.

Copying a Playbook Version

  1. In the Operation column of the target playbook, click Versions.
  2. On the Version Management slide-out panel, in the Version Information area, locate the row containing the desired playbook version, and click Clone in the Operation column.
  3. In the displayed dialog box, click OK.

Editing and Submitting a Playbook Version

  1. On the Version Management slide-out panel, in the Version Information area, locate the row containing the desired playbook version, and click Edit in the Operation column.
  2. On the page for editing a playbook version, edit the version information.
  3. Click OK.

Submitting a Playbook Version

  1. On the Version Management slide-out panel, in the Version Information area, locate the target playbook version, and click Submit in the Operation column.
  2. Click OK.

Reviewing a Playbook Version

  1. On the Version Management slide-out panel for the playbook, click Review in the Operation column of the target playbook.
  2. On the displayed page, set Comment to Passed and click OK.

Activating a Playbook Version

  1. On the Version Management slide-out panel, in the Version Information area, locate the row of the target playbook version, and click Activate in the Operation column.

Enabling a Playbook

Some playbooks have been enabled by default. You can enable other ones based on your needs. The procedure is as follows:

  1. On the Playbooks tab, locate the target playbook and click Enable in the Operation column.
  2. In the slide-out panel, select the playbook version you want to enable and click OK.