With automated playbooks (also known as runbooks in some SOCs), managers, architects and analysts can work together to define the flow of activities associated with a specific security issue and the subsequent investigation and response. The goal is to build a consistent set of activities that is followed in every case, no matter which analyst is assigned the case.
Unfortunately, the challenge SOCs face when building playbooks in certain SOAR products is the level of programming knowledge required. While they may look simple on the surface, most SOAR products require some level of coding expertise to make them work.
Siemplify took a different approach to building our playbook framework. Understanding that many SOCs do not have programmers on staff, we built our playbook architecture so that anyone can create and edit the steps in a playbook without coding experience.
In the short video above, you can learn the three things you need to know about the Siemplify playbook capabilities: simplicity, flexibility and extensibility.