Plan your playbook - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-10-13
Category
Administrator Guide
Abstract

Considerations when planning your playbook.

When defining the workflow of your playbook, consider the following:

  • What actions do you need to take?

  • What conditions do you need along the way? Are these conditions manual or automatic?

  • Do you need to include looping?

  • Are there any time-sensitive aspects to the playbook?

  • When is the alert considered remediated?

Example 30. Review the Phishing use case

Review the following workflow for a phishing use case. Also, review the playbooks in the Phishing content pack to see how they work.

  • Detection

  • Identification

  • Analysis

  • Remediation

Each of these high-level processes can contain a number of sub-processes that require step-by-step actions, all of which can be automated with either customized or new playbooks.
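The following is an added example, not a Cortex XSIAM playbook and not code from the Phishing content pack. It models the four phases above (Detection, Identification, Analysis, Remediation) as plain Python functions and exercises each planning question from the list at the top of the page: the actions taken, an automatic condition versus a manual one, a loop over extracted indicators, a time-sensitive SLA check, and an explicit test for when the alert counts as remediated. The alert fields, the denylist of domains, and the SLA value are all constructed for the example.

```python
"""Toy phishing playbook (added example; not the Cortex XSIAM playbook format)."""
from dataclasses import dataclass, field
import re

# Constructed stand-in for a reputation or denylist lookup.
KNOWN_BAD_DOMAINS = {"login-verify-example.test", "update-account.invalid"}


@dataclass
class PhishingAlert:
    sender: str
    body: str
    # State the playbook fills in as it runs.
    urls: list = field(default_factory=list)
    malicious: list = field(default_factory=list)
    actions: list = field(default_factory=list)
    quarantined: bool = False
    blocked: list = field(default_factory=list)
    pending_manual: bool = False
    status: str = "new"


def detection(alert):
    """Automatic condition: is there anything in the alert to act on?"""
    return bool(alert.sender and alert.body)


def identification(alert):
    """Action: extract candidate indicators (URL hostnames) from the body."""
    alert.urls = re.findall(r"https?://([\w.-]+)", alert.body)
    return alert.urls


def analysis(alert, denylist):
    """Looping: check every extracted domain and collect the malicious ones."""
    alert.malicious = [d for d in alert.urls if d in denylist]
    return alert.malicious


def remediation(alert):
    """Actions taken automatically once the verdict is malicious."""
    alert.quarantined = True
    alert.actions.append(f"quarantine message from {alert.sender}")
    for domain in alert.malicious:          # one action per bad domain
        alert.blocked.append(domain)
        alert.actions.append(f"block domain {domain}")
    alert.actions.append(f"block sender {alert.sender}")


def is_remediated(alert):
    """When is the alert considered remediated? The message is quarantined
    and every malicious domain found in analysis has been blocked."""
    return alert.quarantined and set(alert.malicious) <= set(alert.blocked)


def run_phishing_playbook(alert, denylist=KNOWN_BAD_DOMAINS,
                          age_minutes=0, sla_minutes=30):
    """Drive the phases in order and return the final alert status.

    age_minutes is how long the alert has been open; sla_minutes is the
    (constructed) time budget before the playbook escalates.
    """
    # Time-sensitive aspect: an alert already past its SLA is escalated
    # before any other work so nobody misses it.
    if age_minutes > sla_minutes:
        alert.actions.append("escalate: SLA breached")

    if not detection(alert):
        alert.status = "closed_no_action"
        return alert.status

    identification(alert)
    if analysis(alert, denylist):
        remediation(alert)
        alert.status = "remediated" if is_remediated(alert) else "remediation_failed"
    else:
        # Manual condition: no automatic verdict, so an analyst must decide.
        alert.pending_manual = True
        alert.status = "awaiting_analyst"
    return alert.status


if __name__ == "__main__":
    sample = PhishingAlert(sender="ceo@update-account.invalid",
                           body="Reset here: http://login-verify-example.test/reset")
    print(run_phishing_playbook(sample, age_minutes=5), sample.actions)
```

Each phase is a separate function so that, in a real playbook, it could be swapped for an integration call or a sub-playbook without changing the flow; the manual branch is modelled as a status change rather than a blocking prompt, which is how an automated run would hand the decision to an analyst.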