Views:

Automate a wide variety of actions, from assessment of your environment to remediation actions.

Security playbooks enable automation of a variety of actions, helping reduce workload while speeding up security tasks and investigations. You can create playbooks from scratch or use templates to create playbooks and customize the settings within each playbook node to suit your specific needs. Depending on the playbook type, you can designate the playbooks to run manually, periodically, or automatically in response to a trigger.
The following table outlines the tabs available in the Security Playbooks app (Workflow and AutomationSecurity Playbooks).
Tab
Description
Execution Results
Check playbook execution status, approve pending actions, edit playbooks, and view execution results of playbooks
Playbooks
Templates
  • Preview playbook templates in view-only mode and choose templates to create playbooks
  • Filter by template type using the drop-down list
  • View the templates that are applicable to Attack Surface Risk Management or XDR Threat Investigation
Important
Important
The availability of certain playbook templates depends on your license entitlement for the associated Trend Vision One features. For more information, see Security playbooks requirements.
Important
Important
For customers that have updated to the Foundation Services release,
  • The ability to see, edit, and execute playbooks for certain endpoints depends on the asset visibility scope of the current user.
  • Multi-factor authentication (MFA) is required when users perform the following critical actions in Security Playbooks:
    • Create, edit, or delete playbooks
    • Approve or reject pending actions
    • Upload a new custom script
    • Manually execute playbooks in Security Playbooks or from Workbench
    For more information about MFA, see Enabling and configuring multi-factor authentication.
Related information