Linking runbooks with security incidents
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-07-2024 07:31 AM
Hi,
I am trying to link a runbook with incidents and incident response tasks by adding a filter condition.
(Incident description contains phishing) (Screenshot attached)
But this does not reflect when a new phishing incident is created or in any existing incident.
Any suggestions will be helpful.
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2024 02:20 AM
Hi Devanshi,
Maybe you can change the filter condition to a different data point.
For example, Category is Social Engineering, or if you have use User Reported Phish a specific statement at the beginning of the Short Description of the SIR like, Short Description startswith "User Reported Phish".