Incident ResponderRespond to Security Incidents

Playbook Templates

If you don't want to create a playbook from scratch, use a template. These templates come out-of-the-box or you can import your own from an existing playbook.

Playbook templates are frameworks that are already designed and ready for you to use. When you create a playbook from a template, just indicate the service you want to use.

There are 16 templates available out of the box, including ones for malware and phishing. You can also use turnkey playbooks as templates.

You can't delete these out-of-the-box templates.

To modify a template, export an existing playbook, then import it back into the system as a template. You can also create a new playbook from scratch.

Import a Playbook Template

When you export a playbook, import it back into the system or another system as a template. It can only import as a template, not a playbook.

  1. Ensure that your template file is in a valid JSON format. If you created and exported the playbook from Incident Responder, it is already in a valid format.

  2. In the navigation bar, click PLAYBOOKS.

  3. Click Import template A grey circle with a white line and arrow in the center..

  4. Click CHOOSE TEMPLATE FILE, then select a valid JSON file to upload.

    The playbook is imported as a template. To use the playbook, create a new playbook using the template.

Phishing Playbook Template

Break down the logic flow of the out-of-the-box phishing playbook template.

The phishing playbook template in the playbook interface.

Phishing emails imitate reputable senders to fool recipients into installing malicious software or revealing personal information.

The phishing playbook sources emails ingested into Case ManagerEmail Ingest. It checks the reputation of the domain that sent the email; extracts any files, URLs, or links; and checks the reputation of these entities. Then, the playbook checks if the email recipient has any web activity related to the URL.

Based on the sender's email address, the playbook searches for other recipients. If it finds other recipients, the playbook alerts you.