
How Cyware's Nested Playbook Capability Helps Achieve Reusability Across Multiple Playbooks


Security Orchestration Nov 24, 2020

With security orchestration and automation playing an ever more important role in today’s SOC operations, the Cyware Security Orchestration Layer (CSOL) is poised to enable this transformation with Playbook-based automation capabilities. One of the most powerful capabilities provided by CSOL is the ability to create nested Playbooks that accelerate and simplify the process of building automated security workflows.

How do Nested Playbooks work?

  • At its core, a playbook defines a set of actions that are to be performed in a specific order. When a user creates a playbook, CSOL gives the option to add a different playbook as one of the nodes in the Visual Playbook Editor.

  • What this means is that the playbook added as a node will be executed as a subtask during the execution of the master playbook. Thus, CSOL users can create an extended workflow while utilizing a bunch of other playbooks to perform different actions within a master playbook.

  • In the CSOL Playbooks module, users can view all the created playbooks along with their associated playbooks which are added as subtasks.

Why does this matter?

  • The process of automating all the security processes of an organization may seem simple on the surface, but it can open up a Pandora's box if not done smartly. By using nested playbooks, SOC analysts can drastically reduce the time spent on codifying their processes in the form of playbooks.

  • Nested playbooks allow SOC analysts to create playbooks for all the redundant actions that are shared across multiple processes. These sub-playbooks can then be used directly to create more complex playbooks without having to reinvent the wheel every time.

  • As an example, consider two different playbooks, one for phishing email investigation and another for malware containment. Both of these processes will involve several common steps such as creating and updating incident details, analyzing IOCs using external intel sources, quarantining infected systems, and more. Thanks to nested playbooks, analysts only have to write these steps once and can then reuse them across the two master playbooks.
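
The phishing and malware example above can be modeled in a few lines. This is an added illustration, not CSOL's playbook format or API: the `playbook:` node prefix and every playbook and action name are constructed assumptions. It expands each master playbook into the ordered actions it would run, rejects a playbook that nests itself, and lists the sub-playbooks two masters share, which is the set of workflows affected when one shared sub-playbook is edited.

```python
# Generic model of nested playbooks; NOT CSOL's playbook format or API.
# All playbook and action names below are constructed for illustration.
PREFIX = "playbook:"  # assumed marker for a node that is itself a playbook

PLAYBOOKS = {
    # Shared sub-playbooks: the common steps named in the text.
    "incident_update": ["create_incident", "update_incident_details"],
    "ioc_analysis": ["extract_iocs", "query_external_intel"],
    "quarantine": ["isolate_host", "playbook:incident_update"],
    # Master playbooks reuse the sub-playbooks as nodes.
    "phishing_investigation": ["parse_email", "playbook:incident_update",
                               "playbook:ioc_analysis", "playbook:quarantine"],
    "malware_containment": ["collect_alert", "playbook:ioc_analysis",
                            "playbook:quarantine"],
}

def expand(name, playbooks=PLAYBOOKS, _stack=()):
    """Return the flat, ordered action list a master playbook would run."""
    if name in _stack:  # a playbook nested inside itself would never finish
        raise ValueError("cyclic nesting: " + " -> ".join(_stack + (name,)))
    if name not in playbooks:
        raise KeyError(f"unknown playbook: {name}")
    actions = []
    for node in playbooks[name]:
        if node.startswith(PREFIX):
            child = node[len(PREFIX):]
            actions.extend(expand(child, playbooks, _stack + (name,)))
        else:
            actions.append(node)
    return actions

def subplaybooks(name, playbooks=PLAYBOOKS):
    """Every sub-playbook reachable from `name`, directly or transitively."""
    found, todo = set(), [name]
    while todo:
        for node in playbooks[todo.pop()]:
            child = node[len(PREFIX):]
            if node.startswith(PREFIX) and child not in found:
                found.add(child)
                todo.append(child)
    return found

def shared(a, b, playbooks=PLAYBOOKS):
    """Sub-playbooks both masters depend on: the change-impact set."""
    return sorted(subplaybooks(a, playbooks) & subplaybooks(b, playbooks))

if __name__ == "__main__":
    print(expand("malware_containment"))
    print(shared("phishing_investigation", "malware_containment"))
```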

The takeaway

While security automation enhances SOC performance for organizations, the process of implementing it should also be made efficient. In the same vein, through the nested playbooks feature, CSOL provides a structured approach for security teams to build flexible, reusable, and extensible automated security workflows.
