Playbooks
Automate incident response workflows with conditional logic and actions.
3 active · 2 inactive
| Playbook | Trigger | Conditions | Steps | Last Run | Active |
|---|---|---|---|---|---|
| Critical Incident Response: Auto-respond to critical priority incidents with escalation | incident_created | priority = Critical | 5 | Mar 10, 2026, 02:32 PM | |
| Brute Force Detection: Notify SOC team and block source IP on brute force events | incident_created | event_category = Authentication, severity = High | 4 | Mar 11, 2026, 08:15 AM | |
| Weekly Security Digest: Send weekly summary email to all analysts | manual | — | 2 | Mar 4, 2026, 09:00 AM | |
| Malware Containment: Isolate endpoint and notify team on malware detection | incident_created | event_category = Malware, priority = High | 6 | Mar 9, 2026, 10:44 PM | |
| Privilege Escalation Alert: Escalate and assign to senior analyst on priv-esc detection | incident_created | event_category = Privilege Escalation | 3 | Never | |