With the growing challenges posed by the evolving threat landscape, cybersecurity teams are increasingly leveraging security orchestration and automation solutions to accelerate their internal processes and response workflows. In the same vein, the Cyware Security Orchestration Layer (CSOL) enables SOC teams to perform everyday security operations using machine capabilities by writing advanced custom Playbooks.
Playbooks essentially describe a series of security actions meant to achieve a specific objective, along with decision-making steps to choose the appropriate action at different stages of a Playbook. SOC teams can use these automated Playbooks to address various use cases such as threat intelligence enrichment, incident response, vulnerability management, threat hunting, and more.
Here is how SOC teams can write their own Playbooks.
What are the four steps involved?
SOC Analysts can visit the Playbook module in CSOL to begin the Playbook creation process.
Step 1: Add the basic data
SOC Analysts need to enter the Playbook Data such as the Playbook name, description, labels, status, termination time, input and output parameters, and more.
Step 2: Create the Playbook flow
They can then start building the flow of the Playbook in the workflow builder. Here, they create nodes that represent a series of security actions and a decision flow driven by the input and output parameters at different stages of the Playbook.
Step 3: Define access levels and trigger conditions
They can also select which users can access the Playbook and define conditions for aborting or retrying the Playbook execution if certain steps fail.
Step 4: Save and run the Playbook
When completed, they can save the Playbook. The newly created Playbook will now be available for execution by the chosen group of users on the platform.
Benefits of creating custom Playbooks
- While CSOL provides SOC Analysts with a built-in Playbook library for quick use, they can choose to modify the existing Playbooks or create custom ones to perform specific tasks based on their unique security use cases.
- Using custom Playbooks, SOC teams can automate security actions for different stages of the incident response lifecycle, as well as perform any other automated workflows by leveraging the integration of their security stack with CSOL.
The bottom line
CSOL provides security teams with extensive capabilities in terms of orchestrating and automating their critical operations. By writing custom Playbooks, SOC teams can tailor the automation capabilities of CSOL for their unique threat environment.
Posted on: January 06, 2021