- Automation Management
- Automation Management Permissions
- Automation Management Playbooks
- Automation Management Playbook Triggers
- Pre-Built Automation Management Playbooks
- Automation Management Advanced Playbooks
- Automation Management Rule-Based Playbooks
- Filter Automation Management Playbooks
- Find Automation Management Playbooks
- Enable or Disable an Automation Management Playbook
- Reorder an Automation Management Playbook
- Delete an Automation Management Playbook
- Automation Management Services
- Pre-Built Automation Management Services
- Create an Automation Management Service
- Edit an Automation Management Service
- Configure an Automation Management Service Instance
- Edit an Automation Management Service Instance
- Delete an Automation Management Service
- Refresh Automation Management Instance List
- Find Automation Management Services
- Automation Management Actions
- Create an Automation Management Action
- Clone an Automation Management Action
- Edit an Automation Management Action
- Deploy an Automation Management Action
- Preview Automation Management Action Code
- View Automation Management Action Run History
- View Automation Management Action Version History
- View Automation Management Action Audit Log
- Delete an Automation Management Action
- Refresh Automation Management Action List
- Automation Agents
Pre-built services are services that are already configured and enabled by default. They're listed along other services in Automation Management, with Exabeam under the CREATED BY column. There is one pre-built playbook, the threatcenter service.
The threatcenter service integrates Automation Management with Threat Center. It has eight actions:
No op – Logs the message No operation performed.
Update Alert – Updates the associated Exabeam use cases, tags, priority, and MITRE ATT&CK® tactics and techniques of an alert with a given alert ID.[2]
Update Case – Updates the associated Exabeam use cases, tags, priority, ATT&CK tactics and techniques, stage, closed reason if the stage is changed to Closed, queue, and assignee of a case with a given case ID.
Alert: Send Email – Sends information about an alert with a given alert ID to a list of email addresses.
Alert: Send Webhook – Sends information about an alert with a given alert ID to a list of webhook IDS.
Case: Send Email – Sends information about a case with a given case ID to a list of email addresses.
Case: Send Webhook – Sends information about a case with a given case ID to a list of webhook IDs.
Create Case – Manually creates a case given a case ID and associated Exabeam use cases, tags, priority, ATT&CK tactics and techniques, stage, closed reason if the stage is Closed, queue, and assignee.
You can't edit or delete pre-built services. If you don't want to use a pre-built service, create your own service.
[2] MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation ("MITRE"). Exabeam is not affiliated with or sponsored or endorsed by MITRE. Nothing herein is a representation of the views or opinions of MITRE or its personnel.