Plan your playbook - Administrator Guide - 8.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR On-prem Documentation

Product
Cortex XSOAR
Version
8.5
Creation date
2024-03-10
Last date published
2024-10-31
Category
Administrator Guide
Solution
On-prem
Abstract

Considerations when planning your playbook.

When defining the workflow of your playbook, consider the following:

  • What actions do you need to take?

  • What conditions do you need along the way? Are these conditions manual or automatic?

  • Do you need to include looping?

  • Are there any time-sensitive aspects to the playbook?

  • When is the incident considered remediated?

Example 8. Review the Phishing use case

Review the following workflow for a phishing use case. Also, review the playbooks in the Phishing content pack to see how they work.

  • Detection

  • Identification

  • Analysis

  • Remediation

Each of these high-level processes can contain a number of sub-processes that require step-by-step actions, all of which can be automated with either customized or new playbooks.
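The planning questions above (actions, automatic versus manual conditions, time-sensitive steps, and the point at which the incident counts as remediated) and the four phishing phases, brought together in one playbook skeleton in the YAML layout that Cortex XSOAR content packs use. This is an added, constructed example, not code from the page or from the Phishing content pack. The task UUIDs are placeholders, and the `detectiontosla` timer field and the `Builtin|||closeInvestigation` script id are assumptions, not values taken from the page.

```yaml
# Constructed example playbook skeleton (not from the page or the Phishing content pack).
# UUIDs are placeholders; the "detectiontosla" timer field and the
# Builtin|||closeInvestigation script id are assumed, not taken from the page.
id: Example Phishing Triage
version: -1
name: Example Phishing Triage
description: Detection, identification, analysis and remediation with one automatic and one manual condition.
starttaskid: "0"
# Time-sensitive aspect: start an SLA timer field when the analysis condition is reached.
timertriggers:
- fieldname: detectiontosla
  action: start
  taskId: "1"
tasks:
  # Detection: the incident already exists when the playbook starts, so the start task is the entry point.
  "0":
    id: "0"
    taskid: 00000000-0000-4000-8000-000000000000
    type: start
    task:
      id: 00000000-0000-4000-8000-000000000000
      version: -1
      name: ""
      iscommand: false
      brand: ""
    nexttasks:
      '#none#':
      - "1"
  # Identification and analysis: an automatic condition evaluated on an incident field,
  # so no analyst input is needed to pick the branch.
  "1":
    id: "1"
    taskid: 00000000-0000-4000-8000-000000000001
    type: condition
    task:
      id: 00000000-0000-4000-8000-000000000001
      version: -1
      name: Does the reported e-mail carry an attachment?
      type: condition
      iscommand: false
      brand: ""
    conditions:
    - label: "yes"
      condition:
      - - operator: isExists
          left:
            value:
              simple: incident.attachment
            iscontext: true
    nexttasks:
      "yes":
      - "2"
      '#default#':
      - "3"
  # Remediation decision: a manual condition has no `conditions` block, so the
  # playbook pauses here until an analyst chooses a branch.
  "2":
    id: "2"
    taskid: 00000000-0000-4000-8000-000000000002
    type: condition
    task:
      id: 00000000-0000-4000-8000-000000000002
      version: -1
      name: Quarantine the message and block the sender?
      type: condition
      iscommand: false
      brand: ""
    nexttasks:
      # In a full playbook the remediation command tasks sit on the "Yes" branch before closing.
      "Yes":
      - "3"
      "No":
      - "3"
  # Remediated: both paths converge on closing the investigation, which is the
  # point at which this playbook treats the incident as resolved.
  "3":
    id: "3"
    taskid: 00000000-0000-4000-8000-000000000003
    type: regular
    task:
      id: 00000000-0000-4000-8000-000000000003
      version: -1
      name: Close investigation
      script: Builtin|||closeInvestigation
      type: regular
      iscommand: true
      brand: Builtin
    scriptarguments:
      closeReason:
        simple: Resolved by Example Phishing Triage playbook
    nexttasks: {}
inputs: []
outputs: []
fromversion: 6.0.0
```

Each `nexttasks` key is a branch label: `#none#` for an unconditional hop, `yes` and `#default#` for the automatic condition, and the analyst-facing `Yes`/`No` for the manual one. Adding a loop would mean a sub-playbook task (`type: playbook`) with a `loop` block, which this skeleton leaves out so that each planning question maps to one visible task.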


Example 9. Review the Default Playbook

The Default Playbook provides generic capabilities for automated incident enrichment and severity calculation that you can adjust to your needs.