Use these steps to learn how you can use the Failed Login Manual playbook in the SIR
Analyst Workspace and its capabilities.
Before you begin
Role required: sn_si.admin or sn_si.manager or sn_si.analyst
Procedure
-
In the SIR workspace, open a security incident.
-
Click the Playbook tab.
You can view the playbooks that have been enabled for the security incident.
You can also see details like the category of the security incident, risk
score.
Note: If you don’t see any playbooks listed, then you need to go to PAD and
enable them to see it in the Playbook tab.
-
Click the Failed Login Manual Playbook.
For Failed Login Manual, the tasks are automatically performed for the
security incident.
-
Click each stage to know what tasks have been performed by this playbook.
-
Click Analysis to see the list of activities performed
in the Analysis phase.
You have the option to modify it as per your requirements.
-
Similarly, you can click Contain, Eradicate, and Review to view the list of
activities that have been performed in the respective phase.
You have the option to change them as per your requirements. If there’s any
remaining activity or user action that you need to perform, it is displayed in
the respective phase.
-
If there’s any remaining activity or user action required in any of the phases,
click the respective phase and perform the action to complete the
activity.