Out-of-the-box Playbooks: overview

  • Last update on September 26th, 2024

From configuration to execution

Below is an overview of the main steps for managing and monitoring out-of-the-box policies:

1. Configuration

Configure your policy

For each policy, you can configure:

  • the threshold
  • the remediation settings (if available), including the scheduled recurrence (manual or automatic)

Remember that remediation can involve an alert, and/or an action, and/or an attestation.

2. Enablement

Enable the policy and the remediation

From the Policy Box, click on the toggles to:

  • enable the policy
  • enable the remediation

if you enable the policy but not the remediation, you will see the matched items, but no alerting nor actions will be executed.

 

3. Delegation

Roles and permissions

After configuring a policy, you can delegate it to your operators. This step is optional and can be performed at any time.

Delegation is not available in the Essentials solution.

 

4. Detection and validation

Run the policy

In Step 1, you scheduled one of the following recurrences: 

  1. Don't schedule (manual trigger only)
    If you selected this, you can run the policy when you see fit
  2. Schedule recurrence
    If you selected this option, the remediation will be executed automatically based on the recurrence configured (i.e., daily, monthly, etc.)

5. Remediation

Remediate matched items

Depending on the remediation settings, one of the following scenarios will apply:

  • you (or the attestation recipient) receive the attestation via email
  • the alert recipient receives an alert
  • the remediation action is executed without any communication

6. Monitoring

Check everything is working

Open the “Task notifications” by clicking on the bell on the top menu panel to control your remediation executions. You can also find this under “ACTIONS” and then “Tasks progress”.

The “Actions” menu is not available in the Essentials solution.

 

Remember that remediation is applied to every single item. No bulk remediation is provided.

If you see the “In progress” tag, an attestation may be currently underway. Always check the timeout days.