Pre-Built Automation Management Playbooks
Pre-built playbooks are playbooks that are already configured and enabled by default. They're listed alongside other playbooks in Automation Management. There are 13 pre-built playbooks.
Six pre-built playbooks with the "alert is created" trigger are in the following order by default:
Create Case – if an alert is created, and its risk score is 90 or higher, a case is created from the alert.
Set Alert Priority to Low – if an alert is created, and its risk score is less than 60, its priority is changed to Low.
Set Alert Priority to Medium – if an alert is created, and its risk score is greater than or equal to 60 and less than 80, its priority is changed to Medium.
Set Alert Priority to High – if an alert is created, and its risk score is greater than or equal to 80 and less than 90, its priority is changed to High.
Set Alert Priority to Critical – if an alert is created, and its risk score is greater than or equal to 90, its priority is changed to Critical.
Create Correlation Case – if a correlation rule outcome is defined to create a Threat Center case, Automation Management creates a case.
Six pre-built playbooks with the "alert is modified" trigger are in the following order by default:
Create Case – if an alert is modified, and its risk score is 90 or higher, a case is created from the alert.
Set Alert Priority to Low – if an alert is modified, and its risk score is less than 60, its priority is changed to Low.
Set Alert Priority to Medium – if an alert is modified, and its risk score is greater than or equal to 60 and less than 80, its priority is changed to Medium.
Set Alert Priority to High – if an alert is modified, and its risk score is greater than or equal to 80 and less than 90, its priority is changed to High.
Set Alert Priority to Critical – if an alert is modified, and its risk score is greater than or equal to 90, its priority is changed to Critical.
Create Correlation Case – if a correlation rule outcome is defined to create a Threat Center case, Automation Management creates a case.
There is one pre-built playbook whose trigger is "case is created": Set Default Case Assignee/Queue. If a case is created and its risk score is greater than or equal to 90, the case is assigned to the Tier 1 Analyst queue.
You can disable and reorder pre-built playbooks; you can't delete them.
If you don't want to use these pre-built playbooks, create your own playbook from scratch or clone a pre-built playbook to use as a starting point for a new playbook.
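The following is an added example, not product code or part of the original documentation. It models the default risk-score conditions listed above as score bands and audits a cloned or edited set of priority playbooks for scores that no playbook covers or that more than one playbook covers. The integer score range of 0 to 100, the function names, and the edited playbook set are assumptions made for illustration; Create Correlation Case is not modeled because it does not depend on the risk score.

```python
SCORE_MIN, SCORE_MAX = 0, 100  # assumed score range; the page does not state one

# (playbook name, inclusive lower bound, exclusive upper bound), as listed on the page.
DEFAULT_PRIORITY_PLAYBOOKS = [
    ("Set Alert Priority to Low", SCORE_MIN, 60),
    ("Set Alert Priority to Medium", 60, 80),
    ("Set Alert Priority to High", 80, 90),
    ("Set Alert Priority to Critical", 90, SCORE_MAX + 1),
]
CREATE_CASE_THRESHOLD = 90  # Create Case: risk score 90 or higher


def matching_playbooks(score, playbooks=DEFAULT_PRIORITY_PLAYBOOKS):
    """Return the names of playbooks whose condition matches, in list order."""
    names = []
    if score >= CREATE_CASE_THRESHOLD:
        names.append("Create Case")
    names += [name for name, lo, hi in playbooks if lo <= score < hi]
    return names


def audit_bands(playbooks):
    """Return (gaps, overlaps): scores matched by no band, and by more than one."""
    gaps, overlaps = [], []
    for score in range(SCORE_MIN, SCORE_MAX + 1):
        hits = [name for name, lo, hi in playbooks if lo <= score < hi]
        if not hits:
            gaps.append(score)
        elif len(hits) > 1:
            overlaps.append((score, hits))
    return gaps, overlaps


# Constructed sample: cloned playbooks whose thresholds were edited so that
# Medium stops at 75, High starts at 85, and Critical starts at 88.
EDITED_PLAYBOOKS = [
    ("Set Alert Priority to Low", SCORE_MIN, 60),
    ("Custom Medium", 60, 75),
    ("Custom High", 85, 90),
    ("Custom Critical", 88, SCORE_MAX + 1),
]

if __name__ == "__main__":
    for s in (59, 60, 79, 80, 89, 90):  # boundary values of the default bands
        print(s, matching_playbooks(s))
    print("default:", audit_bands(DEFAULT_PRIORITY_PLAYBOOKS))
    gaps, overlaps = audit_bands(EDITED_PLAYBOOKS)
    print("edited gaps:", gaps, "overlaps:", [s for s, _ in overlaps])
```

With the default thresholds every score maps to exactly one priority, and a score of 90 or higher matches both Create Case and Set Alert Priority to Critical; the edited set leaves scores 75 through 84 without a priority and matches two playbooks for 88 and 89.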