Skip to main content

Cyware Fusion and Threat Response

Manage Action Templates for Incidents

Using Action Library, you can create and manage the action templates. Action templates are used to map actions with various phases of the incident workflows. When an incident is created, the mapped actions are automatically created and linked to each phase of the incident. For example, to block an IP address during an incident response phase, you can map an action template to the phase in the incident workflow. Next time, when an incident is created, CFTR will automatically create an action to block the IP address and link it to the mapped incident phase. 

You can map the action templates with the incident workflow phases in the incident workflow configuration page. For more information, see Configure Incident Workflows.

To view the list of action templates, go to Admin Panel > Action Library. Use the search bar on the left to search for an action template. Select an action template to view the template details and the incident workflow phases that are mapped to the template. 

Note

All the templates that are added to the Action Library will be available for mapping with the incident workflow phases.

Create Action Template

You can create an action template and add it to the Action Library. You can also create action templates and add them to the Action Library from the existing actions on the action details page. For more information, see Create Template from Action.

To create an action template, do the following:

Note

To create action templates, you must have Create/Update permission for Action Library.

  1. Go to Admin Panel > Action Library.

  2. Click Create Template.

  3. Enter the action details:

    Note

    All the fields of the Summary tab of actions are displayed for creating an action template.

    • Title: Enter a title for the action.

    • Description: Enter a description that best describes the action. You can also add placeholder text in the description that will be replaced with appropriate details when the action is created for an incident.

    • Action Type: Select the type of security action to be performed.

    • Priority: Select a priority level of the action.

    • Assigned Group: Select a CFTR user group to assign the action to.

    • Labels: Select the labels to categorize the action.

  4. Click Submit.

The action template is added to the Action Library and is available for mapping with the incident workflow phases. When an action is created from an action template, the action is in the Draft state. You must enter all the mandatory fields before moving the action to the Open state.

Manage Action Templates

You can perform the following activities on the Action Library page to manage action templates:

  • Update action templates.

    Note

    Updating an action template does not affect the existing actions that are created from action templates.

  • Delete action templates.

    Note

    Before deleting an action template, ensure that the action template is not mapped to any incident workflow phase. Deleting an action template from the Action Library removes the action template from the Mapped Actions of the incident workflow phases also.

  • Search for an action template.

  • View activity logs to track updates to the action templates.