All About the New Rule Engine
- Ability to Define Automation Rules: The Rule Engine allows a user to define a rule which can trigger a set of actions based on some pre-defined conditions. For example, with Rule Engine, a user can run a set of playbooks when conditions of Phase Change or Status Change are met.
- Phase Change: Whenever an incident progresses from one phase of the incident response lifecycle to another, such as Detection to Analysis to Containment, or Containment to Eradication, there are certain policy-compliant actions that the incident response teams need to perform. The Rule Engine helps to automate such necessary actions by triggering playbooks.
- Status Change: The status of an incident may change from/to open, merged, untriaged, or closed as it travels through the incident lifecycle. The Rule Engine allows users to define rules that trigger playbooks every time any change in status happens. For instance, an incident response team wants to close alerts. In such a case, when the status of an incident changes, the team can automatically run a playbook in CFTR to close the alerts coming from the SIEM tool.
- Ability to Create Triggers: In this beta release of the Rule Engine, CFTR users can quickly and accurately create triggers as state changes and also configure rules for the same.
- Ability to Take Actions: Many actions can be defined using the Rule Engine. Whenever the status or phase of an incident changes, an incident response team can automatically run a playbook in CFTR.
- Ability to Configure Playbooks: CFTR users can create multiple rules for the triggers and configure a Playbook for each rule.
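To make the trigger/rule/playbook model above concrete, here is a small rule engine written for this post as an added illustration; it is not CFTR's own code or API. The class names, the playbook registry, and the sample incident and playbooks are all constructed here. It implements the two triggers the post describes (phase change and status change), lets a rule filter on the previous and new value, runs the configured playbook for each matching rule, and records every firing in an audit log so a responder can later see which rule ran which playbook and why.

```python
"""Minimal state-change rule engine (added illustration, not CFTR's code).

Names such as Incident, Rule, RuleEngine and the playbook functions are
assumptions made for this example.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Phase and status vocabularies as named in the post; the engine only
# compares old and new values, so the ordering here is for readability.
PHASES = ("Detection", "Analysis", "Containment", "Eradication")
STATUSES = ("untriaged", "open", "merged", "closed")


@dataclass
class Incident:
    incident_id: str
    phase: str = "Detection"
    status: str = "untriaged"


@dataclass
class Rule:
    """Fires when `trigger` ("phase" or "status") changes and matches the filter."""
    name: str
    trigger: str
    playbook: str                      # key into the engine's playbook registry
    from_value: Optional[str] = None   # None means "any previous value"
    to_value: Optional[str] = None     # None means "any new value"

    def matches(self, attribute: str, old: str, new: str) -> bool:
        if attribute != self.trigger or old == new:
            return False               # wrong trigger, or nothing actually changed
        if self.from_value is not None and self.from_value != old:
            return False
        if self.to_value is not None and self.to_value != new:
            return False
        return True


Playbook = Callable[[Incident], str]


class RuleEngine:
    def __init__(self, playbooks: Dict[str, Playbook]) -> None:
        self.playbooks = playbooks
        self.rules: List[Rule] = []
        self.audit_log: List[str] = []   # one entry per rule that fired

    def add_rule(self, rule: Rule) -> None:
        # Validate at configuration time so a typo in a rule fails loudly here
        # rather than silently never firing during an incident.
        if rule.trigger not in ("phase", "status"):
            raise ValueError(f"unknown trigger: {rule.trigger!r}")
        if rule.playbook not in self.playbooks:
            raise ValueError(f"rule {rule.name!r} references unknown playbook {rule.playbook!r}")
        self.rules.append(rule)

    def transition(self, incident: Incident, *, phase: Optional[str] = None,
                   status: Optional[str] = None) -> List[str]:
        """Apply a phase and/or status change, then run every matching rule.

        Returns the playbook results in the order the rules fired.
        """
        changes = []
        if phase is not None:
            if phase not in PHASES:
                raise ValueError(f"unknown phase: {phase!r}")
            changes.append(("phase", incident.phase, phase))
            incident.phase = phase
        if status is not None:
            if status not in STATUSES:
                raise ValueError(f"unknown status: {status!r}")
            changes.append(("status", incident.status, status))
            incident.status = status

        results = []
        for attribute, old, new in changes:
            for rule in self.rules:
                if rule.matches(attribute, old, new):
                    outcome = self.playbooks[rule.playbook](incident)
                    self.audit_log.append(
                        f"{incident.incident_id}: {attribute} {old}->{new} "
                        f"fired {rule.name} -> {outcome}")
                    results.append(outcome)
        return results


# Constructed playbooks standing in for real automation actions.
def close_siem_alerts(incident: Incident) -> str:
    return f"closed SIEM alerts for {incident.incident_id}"


def notify_containment_team(incident: Incident) -> str:
    return f"notified containment team about {incident.incident_id}"


def demo() -> List[str]:
    """Walk one constructed incident through its lifecycle; return the audit log."""
    engine = RuleEngine({"close_siem_alerts": close_siem_alerts,
                         "notify_containment": notify_containment_team})
    # Status rule from the post: on any change to "closed", close the SIEM alerts.
    engine.add_rule(Rule("close-alerts-on-close", "status", "close_siem_alerts", to_value="closed"))
    # Phase rule: only the Analysis -> Containment hand-off notifies the containment team.
    engine.add_rule(Rule("containment-handoff", "phase", "notify_containment",
                         from_value="Analysis", to_value="Containment"))
    inc = Incident("INC-0001")
    engine.transition(inc, status="open")         # no rule matches
    engine.transition(inc, phase="Analysis")      # no rule matches
    engine.transition(inc, phase="Containment")   # fires containment-handoff
    engine.transition(inc, status="closed")       # fires close-alerts-on-close
    return engine.audit_log


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Two design points worth noting: a rule only fires on a real change (a transition to the value the incident already has is ignored, which prevents duplicate playbook runs when the same update is replayed), and rules are validated when they are added, so a reference to a playbook that does not exist is caught at configuration time rather than discovered during an incident.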
Benefits of the Rule Engine
- Automation of Manual Efforts: Incident response teams no longer need to take these actions manually. When an incident Status or Phase Change occurs, the Rule Engine automates the fixed set of actions they need to take. The CFTR Rule Engine quickly automates and streamlines these time-consuming tasks and reduces manual errors, thereby saving incident responders' time and boosting their efficiency.
- Reduced Complexity: Rules are easy to understand, so they effectively bridge the gap between security and IT teams. Furthermore, the CFTR Rule Engine can handle increasing complexity as it automates playbook execution.
Posted on: June 30, 2022