Learn about creating template-based playbooks to automate and orchestrate your response to security incidents.
Trend Vision One comes with a set of predefined playbook templates. The templates provide a ready-to-use workflow that can be quickly set up to meet your needs. Some playbook templates have a fixed workflow, while others are fully customizable.
Playbook templates themselves cannot be executed. You need to create a playbook from them. Multiple playbooks can be created from the same template.
Playbook templates consist of various node types that allow you to trigger execution, define the target of the playbook, handle conditions, and carry out actions.
You can view the list of currently available playbook templates from the Templates tab in the Security Playbooks app.

| Category | Playbook Template | Description |
|---|---|---|
| Cyber Risk Exposure Management | Account Response | Sends notifications and mitigates accounts with account configuration risks, such as weak authentication and excessive privileges |
| Cyber Risk Exposure Management | Automated High-Risk Account Response | Takes actions automatically in response to higher risk accounts |
| Cyber Risk Exposure Management | CVEs with Global Exploit Activity - Internet-Facing Assets | Notifies specified recipients about internet-facing assets, such as hosts and public IPs, containing CVEs with high, medium, or low global exploit activity |
| Cyber Risk Exposure Management | CVEs with Global Exploit Activity - Internal Assets | Notifies specified recipients about internal assets, such as endpoints and mobile devices, containing CVEs with high, medium, or low global exploit activity |
| Cyber Risk Exposure Management | Risk Event Response | Sends notifications and takes actions at specified times in response to new or ongoing risk events |
| Cyber Risk Exposure Management | Security Awareness Training Campaign | Creates security awareness training campaigns for user accounts targeted by account compromise and XDR detection risk events |
| XDR Threat Investigation | Endpoint Response | Runs custom scripts on endpoints or isolates compromised endpoints during an investigation |
| XDR Threat Investigation | Automated Response Playbook | Takes actions automatically in response to workbench alerts generated by supported data sources / processors |
| XDR Threat Investigation | Incident Response Evidence Collection | Collects evidence to support threat investigation and incident response |

Important: The availability of certain template-based playbook types depends on your license entitlement for the associated Trend Vision One features and the required data sources. For more information, see Security playbooks requirements.