Abstract
Considerations when planning your playbook.
When defining the workflow of your playbook, consider the following:
What actions do you need to take?
What conditions do you need along the way? Are these conditions manual or automatic?
Do you need to include looping?
Are there any time-sensitive aspects to the playbook?
When is the alert considered remediated?
Example 30. Review the Phishing use case
Review the following workflow for a phishing use case. Also, review the playbooks in the Phishing content pack to see how they work.
Detection
Identification
Analysis
Remediation
Each of these high-level processes can contain a number of sub-processes that require step-by-step actions, all of which can be automated with either customized or new playbooks.