Skip to main content

Cyware Fusion and Threat Response

Run Playbooks in Incidents

Security analysts can run Orchestrate Playbooks from the CFTR application while investigating an incident to retrieve important information related the incidents.

Before you Start

Ensure that the following conditions are met before running a playbook:

  • Orchestrate is integrated on your CFTR application. For more information, see Integrate Orchestrate in CFTR.

  • CFTR instance is configured on the Orchestrate application. For more information, see Create a CFTR Instance in Orchestrate.

  • Your CFTR user group has permission to run Orchestrate Playbooks. If your user group does not have the permission, contact your CFTR admin.

Run Playbook

  1. On the CFTR application, go to Menu > Incidents.

  2. Select an incident, and then go to Playbooks.

  3. Click Run Playbook. The Orchestrate Playbooks appear under the following sections:

    • Suggested Playbooks: Displays the suggested playbooks using Machine Learning algorithm.

    • All Playbooks: Displays all the playbooks that are available on the Orchestrate platform.

  4. Select a Playbook and click More > Run.

  5. Click Run on the confirmation message.