5 Easy Ways to Trigger Automated SOAR Playbooks

5 Easy Ways to Trigger Automated SOAR Playbooks - Featured Image

Cyware Security Orchestration Layer (CSOL) Jan 13, 2021

The Cyware Security Orchestration Layer (CSOL) serves as the glue that bonds different security technology infrastructure components together in order to orchestrate and automate actions across various applications. CSOL Playbooks are automated security workflows that perform actions across the different integrated applications.

The execution of a Playbook in CSOL can be triggered in several different ways, as listed below.

Manually triggering a Playbook

Security teams can manually trigger a Playbook by clicking on the ‘Run’ button on the playbook page. When SOC Analysts manually trigger a Playbook from within CSOL, they can check the status of execution from the Run Logs as shown in the screenshot below. It provides details about the last time a Playbook was run, the result of the Playbook execution, event, and last activity related to that Playbook.

Another way of triggering a Playbook manually is by doing so from Cyware Fusion and Threat Response. Using this method, security teams can use CSOL Playbooks suggested within the CFTR platform to perform and support various threat response tasks such as indicator enrichment, investigation, alerting, and many more.

If a Playbook is automated, then the event column in the run log shows the event value. If the Playbook is manual, then the event column is empty without any event value.

Automated ways to trigger Playbooks

A CSOL Playbook could also be triggered automatically through different methods such as:

  • Cron Trigger : Playbooks can be scheduled to execute at specific times using cron jobs.

  • Source Event Trigger - CSOL can look for specific security events that match any pre-configured Playbook labels to trigger the Playbook it is mapped to.

  • API Trigger - CSOL Open APIs can also be used to trigger Playbooks programmatically.

  • Parent Playbook Trigger - Through nested Playbooks in CSOL, a child Playbook can be triggered automatically when its parent Playbook is executed.

The takeaway

The CSOL platform enables SOC teams to perform time-critical security processes and workflow optimizations with minimal or no inputs by any humans in the loop resulting in above par MTTRs. By utilizing the capability of CSOL to trigger Playbook execution using different automated methods described above, security teams can reduce their workload and focus on more in-depth tasks that require their expertise.

Schedule your free demo now.

Related Blogs

Join Cyware and Take a Break at Black Hat 2023 - Featured Image

Join Cyware and Take a Break at Black Hat 2023

We know how hectic Black Hat can be, so Cyware team is offering an oasis in the desert to let you relax, meet, have coffee or cocktails, and then have some fun!

Black Hat 2023black hatCyware
Cyware Raises $30 Million to Accelerate Expansion of AI-Powered Global Cyber Fusion and Threat Sharing Networks - Featured Image

Cyware Raises $30 Million to Accelerate Expansion of AI-Powered Global Cyber Fusion and Threat Sharing Networks

[Cyware](https://cyware.com/), the leading provider of **AI-powered Cyber Fusion** **platforms** for enterprises and MSSPs, and automated threat intelligence s

Series C FundingCyber Fusion CenterTen Eleven VenturesCyware
Cyware to Power Accenture’s Next-Generation Threat Intelligence Services - Featured Image

Cyware to Power Accenture’s Next-Generation Threat Intelligence Services

[Cyware](https://cyware.com/) has achieved another significant milestone, being selected to power the **Accenture Cyber Threat Intelligence (ACTI)** platform an

Threat Intelligence PlatformAccentureCyware