Use these steps to learn how you can use the Legal Request playbook in the MSIM Workspace and its capabilities.
Before you begin
Role required: sn_msi.workspace_manager.
Procedure
-
In the MSIM workspace, open a major security incident.
-
Select the Playbook tab.
You can view the playbooks that have been enabled for the major security incident.
Note: If you don’t see the playbooks listed, then you need to go to PAD and enable them to see it in the Playbook tab.
-
Select the Legal Request Playbook.
-
Click each lane to know what tasks have been performed by this playbook.
-
Click Analysis to see the list of activities performed in the Analysis phase.
You have the option to change it as per your requirements.
-
Similarly, you can click Contain, Eradicate, and Review to view the list of activities that have been performed in the respective phase.
You have the option to change them as per your requirements. If there’s any remaining activity or user action that you need to perform, it’s displayed in the respective phase.
-
If there’s any remaining activity or user action required in any of the phases, click the respective phase and perform the action to complete the activity.