We are making strides in creating more automation on the platform. Our goal is to make your life easier; we want our platform to provide you with useful, intelligible, information that you can translate into action.
Let’s face it, our platform is pretty useful. It lets you know when it finds a new vector or asset or outdated technology, the next logical step would be to allow you to take this information and act upon it however you see fit. Enter Playbooks.
Let’s say the platform found that your web servers are running an outdated version of jQuery. If you employ a patch management system in your organization, you could create a playbook that will send this data into said patch management system to initiate the update process. Alternatively, you could create a playbook that will open a ticket in a ticketing service like Jira or ServiceNow.
Another use could be when the platform finds a new vector, you could create a playbook that will forward the new vector details into a SOAR platform that will act upon the provided information based on some predefined rule set.
Our version of this idea begins at the moment the platform has informed you that it has found a new vector, asset, or outdated technology. Each of these discoveries can be set as a trigger to run a playbook. Within the playbook you can select the conditions for the playbooks to run upon, and where to send the data i.e. an API endpoint of some other tool or service.
Next time you login to the platform, you will see a new screen, Playbooks.
The first time you visit the Playbooks screen it will be empty, we can remedy that by clicking the '+ Create Playbook' button.
A window will open that will guide you in creating your first playbook.
For the first part, you will need to provide some basic information like the name of the playbook and its category. Categories are created by you and will appear as tags under the playbook name. They can be anything you want, either by the endpoint you are sending the data to, or by the finding type on our platform. Whatever it is, try to be consistent and mindful of any special characters you are using. To prevent accidentally creating multiple categories for the same thing. Tags are case insensitive, but it is not unheard of that a hyphen is used when a space is required.
Select which action on the platform should trigger the playbook. For instance, when a new vector is created.
Next, select which properties the playbook should focus on and what value it should look for.
And finally, enter the endpoint URL to which the data should be sent, click save and your playbook is done and ready to work.
Playbooks will be covered more extensively in our upcoming newsletter.
