Set up the OSquery of External Address in the /etc/hosts file playbook

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 1 minute
  • Use the following steps to set up the OSquery of External Address in the /etc/hosts file playbook.

    Before you begin

    Role required:
    • sn_si.admin
    • flow_designer

    Make sure you have installed the Security Operations Spoke (sn_sec_spoke).

    Procedure

    1. Log in as a user with the sn_si.user and flow_designer roles.
    2. Navigate to All > Flow Designer and select the OSquery External Address in /etc/hosts playbook.
    3. Optional: Create a copy of the OSquery External Address in /etc/hosts playbook flow and make the necessary modifications.

      To create a copy of the playbook's flow, select the More actions menu icon and select Copy flow. Perform this step only if you plan to customize or make specific changes to the flow.

      Figure 1. OSquery of External Address in /etc/hosts playbook
      Overview of the OSquery of External Address in /etc/hosts playbook.
    4. Activate the playbooks.
      1. Activate the main flow to use the playbook available in the base system.
      2. Activate the copied flows after making the required changes.
    5. Set a Trigger Condition for the playbook.

      This playbook is triggered and associated with the security incident when the Category is Insider Breach.

      Figure 2. OSquery of External Address in /etc/hosts playbook trigger condition
      Trigger condition for OSquery of External Address in /etc/hosts playbook