How do Nested Playbooks work?
- At its core, a playbook defines a set of actions to be performed in a specific order. When creating a playbook in CSOL, the Visual Playbook Editor offers the option to add a different playbook as one of the nodes.
- This means that the playbook added as a node is executed as a subtask during the execution of the master playbook. CSOL users can therefore build an extended workflow in which a master playbook calls a number of other playbooks to perform different actions.
- In the CSOL Playbooks module, users can view all the created playbooks along with their associated playbooks which are added as subtasks.
Why does this matter?
- Automating all of an organization's security processes may seem simple on the surface, but it can open a Pandora's box if not done carefully. By using nested playbooks, SOC analysts can drastically reduce the time spent codifying their processes in the form of playbooks.
- Nested playbooks let SOC analysts create playbooks for the recurring actions that are shared across multiple processes. These sub-playbooks can then be used directly to build more complex playbooks without reinventing the wheel every time.
- As an example, consider two different playbooks, one for phishing email investigation and another for malware containment. Both processes involve several common steps, such as creating and updating incident details, analyzing IOCs using external intel sources, quarantining infected systems, and more. With nested playbooks, analysts only have to write these steps once and then reuse them across the two master playbooks.
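As an added illustration of the two sections above (hypothetical code, not CSOL's own engine or API): a small playbook runner in which a node is either an atomic action or another Playbook executed in order as a subtask, with the phishing and malware master playbooks sharing three constructed sub-playbooks. It also goes one step beyond the post by refusing to run a playbook that nests itself, so a mis-wired sub-playbook cannot recurse forever.

```python
from dataclasses import dataclass


@dataclass
class Playbook:
    name: str
    nodes: list  # each node is a str (an atomic action) or a Playbook (nested subtask)


def run_playbook(pb, log=None, _stack=()):
    """Execute nodes in order; a nested Playbook node runs to completion before the next node."""
    if log is None:
        log = []
    if pb.name in _stack:  # a playbook that (indirectly) nests itself would never terminate
        raise ValueError("cycle detected: " + " -> ".join(_stack + (pb.name,)))
    log.append(f"enter {pb.name}")
    for node in pb.nodes:
        if isinstance(node, Playbook):
            run_playbook(node, log, _stack + (pb.name,))  # subtask inside the master playbook
        else:
            log.append(f"{pb.name}: {node}")
    log.append(f"exit {pb.name}")
    return log


# Constructed sub-playbooks for the steps the post says both processes share
update_incident = Playbook("update_incident", ["create or update incident record", "set severity"])
enrich_iocs = Playbook("enrich_iocs", ["query threat intel for IOCs", "attach enrichment to incident"])
quarantine = Playbook("quarantine_host", ["isolate host via EDR", "notify asset owner"])

# Two master playbooks reusing the same nested sub-playbooks (constructed example)
phishing = Playbook("phishing_investigation", [
    update_incident, "extract URLs and attachments", enrich_iocs, quarantine, "close ticket",
])
malware = Playbook("malware_containment", [
    update_incident, enrich_iocs, quarantine, "kick off forensic collection",
])


def shared_subplaybooks(*masters):
    """Names of nested playbooks used by more than one master playbook."""
    users = {}
    for master in masters:
        for node in master.nodes:
            if isinstance(node, Playbook):
                users.setdefault(node.name, set()).add(master.name)
    return sorted(name for name, owners in users.items() if len(owners) > 1)


if __name__ == "__main__":
    print("\n".join(run_playbook(phishing)))
    print("shared:", shared_subplaybooks(phishing, malware))
```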
Posted on: November 24, 2020