Linking runbooks with security incidents

Devanshi Tiwar1
Tera Contributor

‎03-07-2024 07:31 AM

Hi,

 

I am trying to link a runbook with incidents and incident response tasks by adding a filter condition.

(Incident description contains phishing) (Screenshot attached)

But this does not reflect when a new phishing incident is created or in any existing incident.

Any suggestions will be helpful.

 

Thanks!

 

 

 

Preview file
57 KB
0 Helpfuls
  • 512 Views
1 REPLY 1

fkaracaer
Tera Contributor

‎03-14-2024 02:20 AM

Hi Devanshi,

Maybe you can change the filter condition to a different data point.

For example, Category is Social Engineering, or if you have use User Reported Phish a specific statement at the beginning of the Short Description of the SIR like, Short Description startswith "User Reported Phish".

 

0 Helpfuls