Playbooks: Overview

A high-level overview of the Playbooks feature and how Automation can assist users in prioritization and remediation.

What are Playbooks?

The RiskSense platform features a powerful set of automation tools that allow users to automate the execution of common or repetitive tasks, including managing assets, prioritizing remediation efforts, and tracking remediation progress on specific assets. A Playbook is a collection of such tasks defined by the user, and the system will complete those tasks according to a given schedule.

When a Playbook is created, the user specifies its run schedule: a time of day on a daily, weekly, or monthly basis. Playbooks can be turned on or off by enabling or disabling them. The Playbooks view under the Automation menu section shows all of the above information, along with when the most recent execution was completed.

What are Rules?

Each Playbook consists of a set of Rules: individual actions to be performed on a target set of findings, assets, or groups. The targets on which the action is to be performed are specified by filters saved in the platform. Every Rule also includes the option of sending an email notification of the actions run to a provided set of addresses.

When a Rule is created, the user first specifies the action to be taken by the system. Then, targets for that action are chosen from existing saved filters or by creating a new filter. Lastly, a notification is selected, and the Rule is then saved as a component in the Playbook. Many Rules can exist within a single Playbook, and they are executed in the exact order shown in the Playbooks view.

What actions can I automate?

Playbooks can automate the following actions in the RiskSense platform:

  • Assign or unassign findings to users
  • Set the due date of a set of findings by a given offset duration
  • Remove due dates from a set of findings
  • Apply or unapply tags to assets or findings
  • Add or remove assets from a group or set of groups
  • Update the Severity of a set of findings (outside the Workflow system)
  • Update the Asset Criticality of a set of assets
  • Update the Address Type of a set of assets (Internal or External)

Who can use Playbooks?

The ability to view Playbook information is available to users with the Core Read IAM privilege. The ability to modify Playbooks is granted by the following IAM privileges:

  • Automation Control: Enable or disable Playbooks
  • Automation Modify: Create, modify, and run Playbooks and Rules

These privileges are provided in the Administrator and Data Manager Foundational Roles and the Automation Owner Supplemental Role. They can also be added to a custom IAM role.

How do I start automating?

To view a step-by-step explanation of how to set up Playbooks and execute Rules, visit the Playbooks Detailed Walkthrough guide.