Adding a Playbook

  1. Click Playbooks in the navigation bar.

  2. Click +Create Playbook.

    Figure: Add New Playbook

  3. Click the Configure icon of the trigger block.

    Figure: Configuring Settings

  4. Enter an Action Name and a Description.

  5. Select a Trigger Type.

    If you select Playbook or LogPoint SIEM Incident, enter a list of Input Parameters.

    If you select Schedule, select a Run Playbook time.

    • For At a Specific Time, select a Time and whether you want the playbook to repeat every Day or Week.

    • For Every X Hours, enter the Hours.

    • For Every X Minutes, enter the Minutes.

    Figure: Configuring the Trigger

  6. Click Save Data.

  7. In Save Playbook, enter the Playbook Name, select the Category and the Path, and click Save.

    Alternatively, you can save the playbook after you have finalized it by clicking Save on the Adding a Playbook page.

    Figure: Saving Playbook

  8. Click Add Action +.

    Figure: Add Action Button

  9. Drag and drop a playbook action type.

    Figure: Drag and Drop a Playbook Action Type

  10. Click the Configure icon of the block and enter the details.

    To learn more, go to the Types of blocks section.

  11. Click Save Data.

    Repeat steps 8, 9, 10, and 11 to add more blocks.

    Warning

    Make sure you click Save Data every time you update the configurations of a block. Otherwise, the updated data may be lost.

  12. To connect two blocks, connect a node of one block to a node of the other block.

  13. Once you finalize the playbook, connect the final block with the End block.

  14. Click Save.

    Figure: Saving the Playbook

Note

You can clone an action by clicking the (clone) icon.

Enabling SLA Support

You can enable SLA support and generate SLA reports by editing playbook configurations. Enabling SLA support allows you to handle the cases created based on the playbook within the time period defined in the SLA configuration.

For example, if you set the SLA Timer Value to 01:00:00, the case should be handled within one hour. If the first trigger % is 80%, the playbook selected for that trigger runs after 48 minutes. If the second trigger % is 100%, the playbook selected for the second trigger runs after one hour.

To enable SLA support:

  1. Click Playbooks in the navigation bar.

  2. Click Add New Playbook +, and add and save the configuration.

    Or, select a playbook from the list in the Playbooks page.

  3. Click SLA.

    Figure: SLA

  4. Enable Support SLA.

    Figure: Enable Support SLA

  5. Select SLA Timer Value.

  6. Select a Playbook and enter its Trigger %. You can add another playbook and its trigger %.

    When the SLA time period defined in the SLA Timer Value reaches the trigger %, the selected playbook runs.

  7. Click Save.

Testing a Playbook

Once you create a playbook, you can test it by clicking Test Playbook.

Figure: Test Playbook

Exporting a Playbook

You can also export the playbook by clicking Export Playbook.

Figure: Export Playbook

