Share Blog Post
- Powerful Visual Editor: Cyware Orchestrate offers an easy-to-use Playbook canvas or editor that provides a simple drag-and-drop feature to add various elements or nodes to develop logical workflows for your orchestration needs.
- Out-of-the-box Cyware Playbooks: Users can jumpstart their automation and orchestration efforts by utilizing our vast library of out-of-the-box Playbooks and customizing them to suit their specific business needs.
- Custom Workflows: We provide a secure Python-based development environment for users to create custom functions for their Playbook directly in the Playbook canvas.
- Import and Export Playbooks: Users can move Playbooks between instances by importing and exporting Playbooks directly in the interface. They can export custom-created Playbooks in JSON file format. This would help sharing the same or saving them for future use. For compliance and reporting, users can now export Playbooks in PNG format too.
- Clone and Edit Playbooks: Users can either clone Cyware or My Playbooks and save it under My Playbooks. Since pre-built Cyware Playbooks cannot be directly modified, users can clone a Cyware Playbook, which basically creates a copy of the original Playbook. Moreover, users can edit the details of an existing Playbook by selecting a Playbook and clicking on Edit.
- Schedule Playbooks: Users can schedule Playbooks to run on-demand or automatically when triggered by one or more events.
- Run Logs: Users can review the detailed execution records of not only the Playbook but also the Run Logs for nodes defined in the playbook workflow. Moreover, they can take a quick look at the Run Logs for any debugging issue.
- Nested Playbooks: This capability helps achieve reusability across multiple Playbooks. While creating a Playbook, users get an option to add another Playbook—known as Nested Playbooks or Sub-Playbooks—as one of the nodes in the Playbook workflow. They can also execute these nested Playbooks asynchronously (independent of the master Playbook execution) or synchronously along with the master Playbook.
- Filter Playbooks: Users can apply several filters on the Playbooks listings to view only specific Playbooks based on the selected criteria. They can filter Playbooks based on different parameters such as status, schedule, bookmark status, or created by fields.
- Terminate Playbooks: Users can terminate a Playbook while aborting the execution of the remaining tasks.
Kickstart Faster Response with Cyware’s Playbooks
- Cyware Playbooks: Also referred to as system Playbooks, these are pre-configured Playbook templates that can be cloned and modified for creating new Playbooks. These Playbooks are designed considering the most common orchestration and automation scenarios that organizations may encounter during incident response. Furthermore, they can import, export, clone, and customize these Playbooks according to the needs of their organizations.
- My Playbooks: These are also referred to as custom Playbooks. Users can create a new customized workflow in the Playbook canvas with all the necessary actions and configurations as per the requirements of their organization.
Top Use Cases Addressed by Cyware’s Playbooks
- Incident Onboarding Playbooks from SIEM: This Playbook leverages the Cyware Orchestrate integration with all the leading SIEM to get the incident onboarded for orchestration.
- Incident Enrichment Playbook: This Playbook leverages Cyware Orchestrate integration to enrich the incident with all the details required by security analysts to investigate the incident.
- Phishing Mails Investigation Playbook: This Playbook automates the entire phishing mails investigation workflow, thereby minimizing manual intervention.
- Notification to Stakeholders: Communication is an important aspect of any investigation. Alerting via CSAP, Cyware Orchestrate provides various apps to allow communications across different media such as emails.
- Malicious URL Investigation: This Playbook provides a high-level workflow to deal with an event of a machine communicating with some malicious URLs.
- Ransomware Investigation Playbook: This Playbook automates the entire ransomware investigation workflow, thereby reducing manual efforts.
Posted on: December 07, 2021
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.
Explore Industry Briefs
Cyware for Enterprise
Adopt next-gen security with threat intelligence analysis, security automation...
Cyware for ISACs/ISAOs
Anticipate, prevent, and respond to threats through bi-directional threat in...