5 Easy Ways to Trigger Automated SOAR Playbooks
Cyware Security Orchestration Layer (CSOL) • Jan 13, 2021
The Cyware Security Orchestration Layer (CSOL) serves as the glue that bonds different security technology infrastructure components together in order to orchestrate and automate actions across various applications. CSOL Playbooks are automated security workflows that perform actions across the different integrated applications.
The execution of a Playbook in CSOL can be triggered in several different ways, as listed below.
Manually triggering a Playbook
Security teams can manually trigger a Playbook by clicking the ‘Run’ button on the playbook page. When SOC analysts trigger a Playbook manually from within CSOL, they can check the status of the execution in the Run Logs, which record the last time the Playbook was run, the result of the execution, the event that fired it, and the last activity related to that Playbook.
Another way of triggering a Playbook manually is from Cyware Fusion and Threat Response (CFTR). With this method, security teams can run the CSOL Playbooks suggested within the CFTR platform to perform and support threat response tasks such as indicator enrichment, investigation, alerting, and more.
If a Playbook is automated, then the event column in the run log shows the event value. If the Playbook is manual, then the event column is empty without any event value.
Automated ways to trigger Playbooks
A CSOL Playbook can also be triggered automatically through several methods:
Cron Trigger - Playbooks can be scheduled to execute at specific times using cron schedules.
Source Event Trigger - CSOL watches for security events whose attributes match pre-configured Playbook labels and triggers the Playbook mapped to those labels.
API Trigger - CSOL Open APIs can be used to trigger Playbooks programmatically from other tools.
Parent Playbook Trigger - Through nested Playbooks in CSOL, a child Playbook is triggered automatically when its parent Playbook is executed.
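The following is an added illustration, not CSOL code or its API: a small Python model of the four automated trigger paths listed above (cron, source event label match, API call, parent/child nesting) next to a manual run, writing a run log whose event column is empty only for manual runs. All class names, the "minute hour" cron format, the label-matching rule, the shared API token and the sample playbooks are assumptions made for the example.

```python
import hmc_placeholder  # noqa: F401  (replaced below; kept out of the real import list)
```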
The takeaway
The CSOL platform enables SOC teams to perform time-critical security processes and workflow optimizations with minimal or no inputs by any humans in the loop resulting in above par MTTRs. By utilizing the capability of CSOL to trigger Playbook execution using different automated methods described above, security teams can reduce their workload and focus on more in-depth tasks that require their expertise.