What is an Action Library?
Capabilities of Action Library
- Action Templates: Security teams have to create a different workflow for each incident type. They might have one template for spearphishing response, one for ransomware alerts, and several others for different incidents. Action Library enables security teams to organize all such processes in an Action Template, reducing the risk of missing critical actions or tasks during an investigation.
- Action Mapping: Users can map actions to various modules across CFTR via Action Templates. This helps in automatically associating an action with a triggered condition. For example, Action Templates are used to map actions to various phases of incident workflows in Form Management.
- Auto-Creation of Actions: With the mapped Action Templates, actions are automatically created for incidents. For example, to block an IP address during an incident response phase, CFTR users can map an action template to a phase in the incident workflow. The next time an incident occurs, CFTR will automatically create an action to block the IP address and link it to the mapped incident phase.
Benefits of Action Library
- No Critical Actions are Missed: With the ability to create and manage Action Templates, no critical actions are missed in the incident response process.
- Time Efficient: Action Library reduces the time taken to uncover actionable threat intel when security teams are investigating threats. This accelerates threat investigation with automated and standardized actions.
- Reduced MTTR: Security teams can effectively map actions for incidents of all types, improving their efficiency in responding to threats, thereby reducing mean time to respond (MTTR).
- Efficiency and Productivity: As actions are pre-populated, security teams can allocate specific tasks during the process, which improves their team’s efficiency and productivity.
Posted on: June 30, 2022