Use these steps to learn how you can use the Automated Phishing playbook in the SIR
Analyst Workspace and its capabilities.
Before you begin
Role required: sn_si.admin or sn_si.manager or sn_si.analyst
Procedure
-
In the SIR workspace, open a security incident.
-
Select the Playbook tab.
You can view the playbooks that have been enabled for the security incident. You can also see details like the category of the security incident, risk score.
Note: If you don’t see any playbooks listed, go to PAD and enable them to see it in the Playbook tab.
-
Select the Automated Phishing Playbook.
For automated phishing, the tasks are automatically performed for the security incident.
-
Select each stage to know what tasks have been performed by this playbook.
-
Select Analysis to see the list of activities performed in the Analysis phase.
You have the option to change it according to your requirements.
-
Similarly, you can select Contain, Eradicate, and Review to view the list of activities that have been performed in the respective phase.
You have the option to change them according to your requirements. If there’s any remaining activity or user action that you have to perform, it’s displayed in the respective phase.
-
If there’s any remaining activity or user action required in any of the phases, select the respective phase and perform the action to complete the activity.