Views:

Automate a wide variety of actions, from assessment of your environment to remediation actions.

Security playbooks enable automation of a variety of actions, helping reduce workload while speeding up security tasks and investigations. You can create playbooks from scratch or use templates to create playbooks and customize the settings within each playbook node to suit your specific needs. Depending on the playbook type, you can designate the playbooks to run manually, periodically, or automatically in response to a trigger.
The following table outlines the tabs available in the Security Playbooks app (Workflow and AutomationSecurity Playbooks).
Tab
Description
Execution Results
Check playbook execution status, approve pending actions, edit playbooks, and view execution results of playbooks.
Playbooks
  • Create user-defined playbooks and template-based playbooks, manage, and edit playbooks.
  • Manually execute an enabled playbook by clicking run=fddd0df8-993a-4aa5-b09c-51ad84aec2a4.png
    You must enable the associated TrendAI Vision One™ features to execute playbooks that require license entitlements. For more information, see Security playbooks requirements.
  • Export a playbook as a .json file and import a shared playbook to easily reuse workflows.
    Playbook export and import does not apply to Incident Response Evidence Collection playbooks.
  • Filter by playbook type.
Templates
  • Preview playbook templates in view-only mode and choose templates to create playbooks.
  • Filter by template type.
  • View the templates that are applicable to Cyber Risk Exposure Management.
The availability of certain playbook templates depends on your license entitlement for the associated TrendAI Vision One™ features. For more information, see Security playbooks requirements.
The ability to see, edit, and execute playbooks for certain endpoints depends on the asset visibility scope of the current user. Multi-factor authentication (MFA) is required when users perform the following critical actions in Security Playbooks:
  • Create, edit, or delete playbooks
  • Approve or reject pending actions
  • Upload a new custom script
  • Manually execute playbooks in Security Playbooks or from Workbench
For more information about MFA, see Enable and configure multi-factor authentication.
Related information
Comments (0)