Linking runbooks with security incidents

Devanshi Tiwar1
Tera Contributor

Hi,

I am trying to link a runbook with incidents and incident response tasks by adding a filter condition.

(Incident description contains phishing) (Screenshot attached)

But this does not reflect when a new phishing incident is created or in any existing incident.

Any suggestions will be helpful.

Thanks!

1 REPLY

fkaracaer
Tera Contributor

Hi Devanshi,

Maybe you can change the filter condition to a different data point.

For example, Category is Social Engineering, or, if you have User Reported Phish as a specific statement at the beginning of the Short Description of the SIR, something like Short Description startswith "User Reported Phish".