Abstract
Considerations when planning your playbook.
When defining the workflow of your playbook, consider the following:
What processes do you need to automate?
Are there any decisions that require manual intervention?
Are there any time-sensitive aspects to the playbook?
When is the case considered remediated?
Example 94. Review the Phishing use case
Review the following workflow for a phishing use case. Also, review the playbooks in the Phishing content pack to see how they work.
Detection
Identification
Analysis
Remediation
Each of these high-level processes can contain a number of sub-processes that require step-by-step actions, all of which can be automated with either customized or new playbooks.