Using the Zero-day Vulnerability Playbook

  • Release version: Washingtondc
  • Updated October 22, 2024
  • 2 minutes to read

    • Use these steps to learn how you can use the Zero-day Vulnerability Playbook in the MSIM Workspace and its capabilities.

    Before you begin

    Role required: sn_msi.workspace_manager

    Procedure

    1. Navigate to Workspaces > Major Security Incident Management > Major Security Incidents.
    2. Select MSI number
      It takes you to the playbook page.
      Playbook Page
    3. Go to the Ellipsis menu.
    4. Select Add Playbook.
      It opens the playbook selection menu.
    5. Select the Zero- day Vulnerability Playbook.
    6. Select Add Playbook.
    7. Select each lane to explore the tasks this playbook performs.
    8. Select the first lane Identification & Assessment.
    9. It has two activities Determine vulnerable assets and Determine impacted customers which creates an MSI task.
      Note:
      All the tasks can be customized according to your needs.
    10. Open Determine vulnerable assets.
      It’s used to identify the assets that are exposed to risks or vulnerabilities.
    11. Enter the title and provide a detailed description of the task to clarify the objective.
    12. Set the priority to confirm the incident is addressed with the appropriate urgency.
    13. Select the appropriate Assignment Group from the menu.
      Note:
      Selecting an assignment group is required.
    14. Set the due date based on the urgency of the incident.
    15. Select Mark Complete to complete the task.
      This activity creates an MSI task and assigns it to that particular assignment group.
    16. Move to the next activity Determine impacted customers.
      It’s used to identify customers affected by vulnerabilities or security incidents.
    17. Enter the title and provide a detailed description of the task to clarify the objective.
    18. Select Mark Complete to complete the task.
      Note:
      All the lanes are sequential. Complete one lane to unlock and move on to the next.
    19. Move to second lane Monitoring and Intelligence.
    20. It has one activity Monitor threat intel for additional info on Vulnerability.
      It’s used to track and analyze threat intelligence to gather more information on vulnerabilities.
    21. Enter the title and provide a detailed description of the task.
    22. SelectMark Complete to complete the task.
    23. Move to the third lane Communication and Response.
    24. It has two activities Draft communication about vulnerability and Prepare mitigation plan.
    25. Open Draft communication about vulnerability.
      It’s used to prepare and draft communication to inform stakeholders about the vulnerability.
    26. Enter the title and provide a detailed description of the task.
    27. Select the appropriate Assignment Group from the menu to assign the vulnerability to a specific team.
      Note:
      Selecting an assignment group is required.
    28. Select Mark Complete to complete the task.
    29. Move to the next activity Prepare mitigation plan.
      It’s used to develop a detailed plan to mitigate the impact of the vulnerability and reduce associated risks.
    30. Enter the title and provide a detailed description of the task to clarify the objective.
    31. Select the appropriate Assignment Group from the menu.
      Note:
      Selecting an assignment group is required.
    32. Select Mark Complete to complete the task.