Playbooks

Overview

Playbooks provide a step-by-step approach to orchestration, helping security teams establish standardized incident response processes and ensure that the steps are followed in compliance with regulatory frameworks. They also improve your response time to security alerts.

In Sekoia.io, playbooks play a major role in automating repetitive tasks to lighten analysts’ daily workload, enriching alerts by querying external sources, fetching indicators from outside sources, and interconnecting with external systems such as ticketing tools.

Because they are highly configurable, Sekoia.io’s playbooks supervise and execute response actions in line with your business and operational objectives.


In this documentation, you will learn how to:

  • Configure your profile to efficiently use playbooks
  • Set up your playbooks using templates
  • Create a playbook from scratch
  • Learn more about the different types of triggers, operators and actions
  • Troubleshoot with playbook runs
  • Create a Meta-playbook that works across many communities

Necessary role

To create playbooks, you need the built-in Analyst or Admin role. You can also use a custom role that has all the permissions related to Playbooks.