Key Concepts for Automation
- Updated on 02 Jul 2024
Key concepts
There are several key elements that comprise automation: Triggers, Playbooks, and Actions.
Triggers
Triggers describe when automation should begin. Triggers start with an event (such as “When a threat is published” or “When an Endpoint status changes”) and can be limited by conditions such as “and Threat Severity is...”. Each trigger can be linked to one or more playbooks, making both triggers and playbooks highly reusable.
Playbook
A playbook is a group of actions you want to take to achieve a goal. Playbooks can range from the simple (“Email my security mailing list”) to the complex (“Notify an on-call phone tree, network isolate any affected endpoints, and begin remediation”).
Action
An action is a specific step taken by the automation, such as sending an email, calling a phone, changing a firewall rule, or sending an alert to your security information and event management (SIEM) system. Red Canary’s supported actions are constantly expanding as we enable new integrations.
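The sketch below is an added example, not Red Canary's code or API. It models how the three concepts fit together: a trigger is an event type plus optional conditions, each trigger links to one or more playbooks, and a playbook runs its actions in order. All names, event fields and actions are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

# Hypothetical model for illustration; not Red Canary's API or data format.
Event = dict                       # e.g. {"type": "threat_published", "severity": "high"}
Action = Callable[[Event], str]    # an action performs one step and returns a log line


@dataclass
class Playbook:
    name: str
    actions: list[Action]

    def run(self, event: Event) -> list[str]:
        return [f"{self.name}: {action(event)}" for action in self.actions]


@dataclass
class Trigger:
    event_type: str                                   # the "when"
    conditions: list[Callable[[Event], bool]] = field(default_factory=list)
    playbooks: list[Playbook] = field(default_factory=list)

    def matches(self, event: Event) -> bool:
        # The event type must match and every condition must hold.
        return event.get("type") == self.event_type and all(c(event) for c in self.conditions)


def dispatch(triggers: list[Trigger], event: Event) -> list[str]:
    """Run every playbook linked to every trigger the event satisfies."""
    log: list[str] = []
    for trigger in triggers:
        if trigger.matches(event):
            for playbook in trigger.playbooks:
                log.extend(playbook.run(event))
    return log


# Constructed actions: they only describe what a real integration would do.
def email_list(e): return f"email security list about {e['endpoint']}"
def isolate(e): return f"network isolate {e['endpoint']}"

notify = Playbook("notify", [email_list])
contain = Playbook("contain", [email_list, isolate])

TRIGGERS = [
    Trigger("threat_published", playbooks=[notify]),
    Trigger("threat_published", [lambda e: e.get("severity") == "high"], [contain]),
    Trigger("endpoint_status_changed", playbooks=[notify]),   # same playbook reused
]
```

In this model a high-severity threat satisfies both threat triggers, so the mailing list is emailed twice; overlapping triggers whose playbooks share actions are worth reviewing for that kind of duplication.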