Updated on 2025-01-20 GMT+08:00

Enabling a Playbook

A playbook describes how SecMaster handles a type of security issues. Playbooks express security operations process of SecMaster in the entire security orchestration system.

By default, SecMaster provides playbooks such as Fetching indicator from alert, Synchronization of HSS alert status, and Automatic closing of repeated alerts. The initial version (V1) of the playbooks has been activated. You only need to enable them.

If you need to edit a playbook, you can copy the initial version and edit it.

This section describes how to configure and enable a playbook.

Prerequisites

Copying a Playbook Version

  1. Log in to the management console.
  2. Click in the upper part of the page and choose Security > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  4. In the navigation pane on the left, choose Security Orchestration > Playbooks.

    Figure 2 Accessing the Playbooks tab

  1. On the Playbooks tab, click Version Management in the Operation column of the playbook.
  2. On the Version Management slide-out panel, in the Version Information area, locate the row containing the desired playbook version, and click Clone in the Operation column.
  3. In the displayed dialog box, click OK.

Editing and Submitting a Playbook Version

  1. Log in to the management console.
  2. Click in the upper part of the page and choose Security > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 3 Workspace management page

  4. In the navigation pane on the left, choose Security Orchestration > Playbooks.

    Figure 4 Accessing the Playbooks tab

  5. On the Playbooks tab, click Version Management in the Operation column of the playbook.
  6. On the Version Management slide-out panel, in the Version Information area, locate the row containing the desired playbook version, and click Edit in the Operation column.
  7. On the page for editing a playbook version, edit the version information.
  8. Click OK.
  9. On the Version Management slide-out panel, in the version information area, locate the row containing the desired playbook version, and click Submit in the Operation column.
  10. In the confirmation dialog box, click OK to submit the playbook version.

    • After the playbook version is submitted, Version Status changes to Pending review.
    • After a playbook version is submitted, it cannot be edited. To edit it, create a version or reject it during review.

Reviewing a Playbook Version

  1. Log in to the management console.
  2. Click in the upper part of the page and choose Security > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 5 Workspace management page

  4. In the navigation pane on the left, choose Security Orchestration > Playbooks.

    Figure 6 Accessing the Playbooks tab

  5. On the Playbooks tab, click Version Management in the Operation column of the playbook.
  6. On the Version Management slide-out panel, click Review.
  7. On the Review Playbook Version page, enter the review information. Table 1 describes the parameters for reviewing a playbook version.

    Table 1 Parameters for reviewing a playbook version

    Parameter

    Description

    Comment

    Select the review conclusion.

    • Passed: If the playbook version is approved, the status of the workflow version changes to Activated.
    • Reject. If the playbook version is rejected, the status of the workflow version changes to Rejected. You can edit the workflow version and submit it again.

    Reason for Rejection

    This parameter is mandatory when Comment is Reject.

    Enter the review comment. This parameter is mandatory when Reject is selected for Comment.

    If there is only one version available for the current playbook, the version is in the Activated state by default after being approved.

  8. Click OK to complete the playbook version review.

Enabling a Playbook

  1. Log in to the management console.
  2. Click in the upper part of the page and choose Security > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 7 Workspace management page

  4. In the navigation pane on the left, choose Security Orchestration > Playbooks.

    Figure 8 Accessing the Playbooks tab

  5. In the Operation column of the target playbook, click Enable.
  6. Select the playbook version you want to enable and click OK.