
Cyware Orchestrate

Getting Started with Orchestrate

The following illustration shows the overall workflow in Orchestrate:

[Illustration: overall workflow in Orchestrate]

Identify Use Case

Identify the use case for orchestration and automation before building a playbook. For example, analysts can identify the incidents that they face often and automate the response to the incidents. For more information on the common use cases for orchestration and automation, see Use Cases.

Identify Apps

Identify the relevant apps by app category, such as network security, Analytics and SIEM, and more, to help you achieve the tasks that your use case requires.

  • You can install apps from our existing Appstore.

  • Or you can build your own custom apps.

    For example, if your use case is to block URLs, then you can use the CTIX app to retrieve the IOC details using Action: Fetch IOC Details. To block the URLs, you can then use the Sophos app and utilize its Action: Add host group. You can use the same logic to identify all the relevant apps.

Build a Playbook

You can build a new playbook using the key features or reuse a playbook from Playbook Store. Playbook Store has 125+ existing playbooks built around some of the most popular use cases. Review these playbooks to see whether they are relevant to your requirements. If they are, you can reuse them and customize them further. For more information on Playbook Store, see Playbook Store. For more information on creating a new playbook, see Create Playbook.

Run Playbook

You can execute the playbook that you have built to automate and streamline the security incident response process. For more information on executing playbooks, see Execute a Playbook.

Analyze Run Logs

Whether a playbook execution succeeds or fails, you can view the run logs to analyze the execution details of the playbook and use them for debugging. For example, if a playbook execution fails, you can view the playbook's run log to see the exact node at which it failed. For more information, see Run Logs.

Learn about the administrative features that manage the key configurations, onboard users, and enable users to get started with the platform.

Basic Configurations

This section highlights the necessary configurations that you must perform to get started. You can also review and configure other platform-specific settings as required. For more information, see Other Configurations.

Step 1

Configure Authentication Methods

Configure your preferred authentication method, such as LDAP, Username-Password, SAML, or Google Sign-In, to authenticate users who sign in to the application.

Step 2

Configure Email Server

Configure an email server to send communication emails from the application.

Step 3

Configure Proxy Server

Configure a proxy server to prevent direct access to the internet or public cloud applications.

Step 4

Onboard Users

Configure user groups to define Role-Based Access Control (RBAC) for the features, and add users to the application.

Other Configurations

Configure Open API

Generate OpenAPI credentials to integrate Orchestrate with other applications and access the features using the REST API protocol.

Console Status

View and track the status of all the services run by the application.

View Audit Logs

View all the user activities and API request logs in one place.

Configure General Settings

Configure the general settings of the application, such as the logo, general user account settings, Google reCAPTCHA, email settings, and local timezone settings.

Manage Orchestrate License

View your license details, such as license key, expiry date, tenant name, tenant code, and the application version. You can also view the alert components that display the usage of user accounts