Updated on 2024-07-18 GMT+08:00

Security Orchestration Process

This topic describes how Security Orchestration works.

Figure 1 Security Orchestration process
Table 1 Process

No.

Operation

Description

1

(Optional) Configuring and Enabling a Workflow

Enable the required workflows built in SecMaster.

SecMaster provides some built-in workflows such as WAF uncapping, Synchronization of HSS alert status, and Fetching indicator from alert. Their initial version (V1) has been activated by default.

If you need to edit a workflow, you can copy the initial version and edit it.

2

(Optional) Configuring and Enabling a Playbook

Enable the required playbooks built in SecMaster.

By default, SecMaster provides playbooks such as Fetching indicator from alert, Synchronization of HSS alert status, and Automatic closing of repeated alerts. The initial version (V1) of the playbooks has been activated. You only need to enable them.

If you need to edit a playbook, you can copy the initial version and edit it.