Level Up Your Incident Response Process with Cyware's Enhanced Automation Playbooks

Cyware Security Orchestration Layer (CSOL) Dec 7, 2021

Every security team wants to diligently respond to an incident or a threat. We give them a magic wand in the form of Playbooks to help them quickly detect, respond to, and mitigate complex threats. In our new Cyware Orchestrate v3.0 release, we have upgraded our Playbooks to perform security orchestration and automation tasks related to incident response.

The new version of Cyware Orchestrate provides the capability to leverage both manual and fully-automated Playbooks to meet the process- and procedure-specific demands of different organizations. We have added hundreds of new out-of-the-box Playbooks and have also made it easy for our customers to build customized Playbooks as needed.

What’s New?

Cyware Orchestrate v3.0 offers an easy-to-use Playbook canvas to help users develop logical workflows for their orchestration needs. With a simple drag-and-drop provision, users can define their workflow in this canvas with different nodes and other elements. We have revamped our Playbooks to offer wide-ranging features such as:

  • Powerful Visual Editor: Cyware Orchestrate offers an easy-to-use Playbook canvas or editor that provides a simple drag-and-drop feature to add various elements or nodes to develop logical workflows for your orchestration needs.

  • Out-of-the-box Cyware Playbooks: Users can jumpstart their automation and orchestration efforts by utilizing our vast library of out-of-the-box Playbooks and customizing them to suit their specific business needs.

  • Custom Workflows: We provide a secure Python-based development environment for users to create custom functions for their Playbook directly in the Playbook canvas.

  • Import and Export Playbooks: Users can move Playbooks between instances by importing and exporting Playbooks directly in the interface. They can export custom-created Playbooks in JSON file format, which helps with sharing them or saving them for future use. For compliance and reporting, users can now export Playbooks in PNG format too.

  • Clone and Edit Playbooks: Users can clone either Cyware Playbooks or My Playbooks and save the copy under My Playbooks. Since pre-built Cyware Playbooks cannot be directly modified, users can clone a Cyware Playbook, which creates a copy of the original Playbook. Moreover, users can edit the details of an existing Playbook by selecting a Playbook and clicking on Edit.

  • Schedule Playbooks: Users can schedule Playbooks to run on-demand or automatically when triggered by one or more events.

  • Run Logs: Users can review the detailed execution records of the Playbook as well as the Run Logs for the nodes defined in the Playbook workflow. They can also take a quick look at the Run Logs when debugging an issue.

  • Nested Playbooks: This capability helps achieve reusability across multiple Playbooks. While creating a Playbook, users get an option to add another Playbook—known as Nested Playbooks or Sub-Playbooks—as one of the nodes in the Playbook workflow. They can also execute these nested Playbooks asynchronously (independent of the master Playbook execution) or synchronously along with the master Playbook.

  • Filter Playbooks: Users can apply several filters on the Playbooks listings to view only specific Playbooks based on the selected criteria. They can filter Playbooks based on different parameters such as status, schedule, bookmark status, or created by fields.

  • Terminate Playbooks: Users can terminate a Playbook, which aborts the execution of the remaining tasks.

Kickstart Faster Response with Cyware’s Playbooks

Users can leverage existing Playbooks offered by Cyware or build their own Playbook.

  • Cyware Playbooks: Also referred to as system Playbooks, these are pre-configured Playbook templates that can be cloned and modified to create new Playbooks. These Playbooks are designed around the most common orchestration and automation scenarios that organizations may encounter during incident response. Furthermore, users can import, export, clone, and customize these Playbooks according to the needs of their organizations.

  • My Playbooks: These are also referred to as custom Playbooks. Users can create a new customized workflow in the Playbook canvas with all the necessary actions and configurations as per the requirements of their organization.

Top Use Cases Addressed by Cyware’s Playbooks

  • Incident Onboarding Playbooks from SIEM: This Playbook leverages the Cyware Orchestrate integration with all the leading SIEMs to onboard incidents for orchestration.

  • Incident Enrichment Playbook: This Playbook leverages Cyware Orchestrate integration to enrich the incident with all the details required by security analysts to investigate the incident.

  • Phishing Mails Investigation Playbook: This Playbook automates the entire phishing mails investigation workflow, thereby minimizing manual intervention.

  • Notification to Stakeholders: Communication is an important aspect of any investigation. Cyware Orchestrate supports alerting via CSAP and provides various apps for communicating across different media, such as email.

  • Malicious URL Investigation: This Playbook provides a high-level workflow for handling an event in which a machine communicates with malicious URLs.

  • Ransomware Investigation Playbook: This Playbook automates the entire ransomware investigation workflow, thereby reducing manual efforts.

Conclusion

With Cyware Orchestrate, organizations can leverage both manual and fully-automated Playbooks to dynamically meet process- and procedure-specific requirements. If you are keen on learning about the customizable and out-of-the-box Playbooks, book a demo with us.