Playbook for Manual Malware

  • Release version: Xanadu
  • Updated August 1, 2024
The Manual Malware playbook provides step-by-step guidance on how analysts can manually resolve malware alerts more efficiently.

The Manual Malware playbook template is designed for manually performing the steps involved in handling malware alerts raised from the endpoint or the network. You can use the playbook template in Workflow Studio to work through these steps and resolve the alerts efficiently. The playbook is a sequence of reusable actions designed to respond to malware attacks: each flow has a trigger (condition), a sequence of actions, and subflows that you can annotate.

This playbook applies when a malware alert is created or updated. You need to activate the Manual Malware playbook in Workflow Studio and create all of its tasks across the Analysis, Contain, Eradicate, and Review stages.

The process definition has the following stages, each of which corresponds to a state of the malware alert:

• Analysis
• Contain
• Eradicate
• Review

Each stage has activities within it.

Figure 1. Manual Malware playbook (overview image)

After you mark a task complete in a stage, you can move to the next task. You can save a task at any point and return to the playbook later. After you complete all the tasks in a stage, you can move to the next stage. The left-hand panel reflects your progress as you complete tasks and stages. An Activity log on the right-hand side of the playbook shows all the data that you have entered for each task.

After you complete all the tasks, you are asked to review the details you entered in all the stages. You can edit any field or click Finish to complete the process.