Views:

View the required entitlement needed to access each type of playbook.

The availability of certain playbook templates and the ability to execute playbooks depends on your license entitlement for the associated Trend Vision One features and the required data source configuration in Attack Surface Risk Management.
To view the credits needed for each required entitlement, see Credit requirements for Trend Vision One apps and services.
The following table details the requirements for each playbook type.
Category
Template
Required Data Source
Required Entitlement
Attack Surface Risk Management
Account Response
  • Microsoft Entra ID
  • Active Directory (on-premises)
Attack Surface Risk Management
Automated High-Risk Account Response
  • Microsoft Entra ID
  • Active Directory (on-premises)
Risk Event Response
Data sources in Attack Surface Risk Management
CVEs with Global Exploit Activity - Internal Assets
  • XDR Endpoint Sensor
  • Third-party data sources (Nessus Pro, Qualys, Rapid7, or Tenable.io)
CVEs with Global Exploit Activity - Internet-Facing Assets
Root domain configuration in Attack Surface Discovery
XDR Threat Investigation
Endpoint Response
XDR Endpoint Sensor
XDR Threat Investigation
Automated Response Playbook
Data sources / processors in XDR Threat Investigation
Incident Response Evidence Collection
XDR Endpoint Sensor
  • XDR Threat Investigation
  • Credits allocation to the Forensics app