Security Operations is the beating heart of any organization, a united team vigilantly standing guard against cyber threats. To outsmart their adversaries, they must delve deep into the intricate world of technology and human behavior. As they navigate these complex landscapes, they must also transition from relying on tribal knowledge and ad-hoc maneuvers to a mature, high-performing operation. The key? Embracing consistency and cultivating effective procedures.

With this in mind, enter the world of Cisco XDR. At its inception, it introduced a static default playbook with 19 tasks. However, let’s face it, “I want to do all the tasks” is a phrase no analyst has ever uttered with enthusiasm. That’s why we automated tasks, putting complex integrations in the background and bringing security operation tasks to the forefront, all with the power of automation.

Now, we’re excited to introduce you to the next level: Cisco XDR Playbooks. They’re not just task builders, they’re a blend of procedure documentation and automation. Let’s dive into the details of these exciting, innovative Playbooks.

What are Playbooks in Cisco XDR?

In Cisco XDR, “Playbooks” are the strategic guides for robust incident response, designed to streamline the identify, contain, and eradicate processes for cyber threats. They also pave the way for a swift recovery, restoring systems to full functionality post-attack. These Playbooks are structured as a series of “Phases,” each housing a set of “Tasks” that provide clear direction for security analysts and incident responders. These phases are thoughtfully aligned with the SANS Institute’s PICERL methodology, ensuring a comprehensive response strategy. Additionally, to enhance efficiency, each task within a Playbook can be coupled with an Automation Workflow. The combination of Playbooks and workflows not only cuts down on monotonous labor, but also accelerates the response by automating various steps in the process, allowing for autonomous security operations to start with Artificial Intelligence or expedited task execution with greater consistency and effectiveness.

New Workflow template: Incident Response

When you create a new Automation Workflow in Cisco XDR, you can now choose a specific type or “Intent”. As part of the new Playbook feature, we have launched a new workflow Intent called “Incident Response”. These Workflows can be used for Playbook Tasks and Incident Automation Rules. They reference the Incident properties in the same manner, which may seem like a boring feature until you realize this makes them reusable, shareable, and efficient.

The Playbook Editor

When you open the Editor for the first time, only the Cisco Managed Incident Playbook is displayed and is designated as the “Default” Playbook. This default Playbook is assigned to all new Incidents until a new default playbook is designated, or “Assignment Rules” are created that assign a different playbook to new Incidents (more on that later). This playbook is also marked as “Read-only”, which means you cannot modify or delete it, as this is a playbook that is Cisco Managed. However, you can duplicate it to use as a template to create altered versions of this playbook. Obviously, you can also create a brand-new playbook from scratch.

To summarize: with the Playbook Editor, you can view the playbook details, create a new playbook, edit a playbook, duplicate a playbook and customize it, specify which playbook is used by default, and delete a playbook (except, of course, for the Cisco Managed Incident Playbook, which cannot be deleted).

The Playbook Assignment Rules

Now let’s dive into the previously mentioned “Assignment Rules”: this feature allows you to create special rules to assign playbooks to new Incidents. When an Incident is created that matches the conditions of an assignment rule associated with a playbook, that playbook is displayed on the Response page in Incidents. For example, if an Incident contains certain MITRE tactics, and a rule contains these as conditions, the associated playbook would be assigned to that Incident. You could, for example, have a Ransomware Recovery Playbook, and an Assignment Rule that uses MITRE Technique T1486 (Data Encrypted for Impact) and Tactic TA112 (Impact) as conditions to assign that Playbook to those Incidents.

If the Incident does not match any rules assigned to playbooks, the default playbook is assigned to the Incident. Once a playbook is assigned to an Incident, the assignment cannot be changed, even if the playbook is edited. A copy of the playbook as it was when assigned to the Incident is stored for auditing purposes. The assignment rules work in a top-down priority order, and they stop processing on the first match.

In this blog post, we have discussed the evolution and significance of Cisco XDR in standardizing the incident response process and making incident response more effective and consistent. Cisco XDR’s new Playbooks are customizable, strategic guides for robust Incident response, designed to increase the maturity of any security operations team.

It is important to note that this is just the start of our Playbook journey. There is much more in development right now, which we will cover in subsequent blog posts. How will Cisco AI Assistant for Security use these Playbooks? Stay tuned… We aren’t just your dad’s networking company, we are Cisco – building the bridge to innovation.
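
The assignment-rule behaviour described under “The Playbook Assignment Rules” (top-down order, first match wins, default fallback, a stored copy at assignment time), modelled as an added example that is not Cisco XDR code or its API. The class and function names, the sample playbooks, and the rule that every listed condition must be present on the incident are assumptions; the shadow check generalizes the first-match rule to show how a broad rule placed above a specific one keeps the specific one from ever firing.

```python
import copy
from dataclasses import dataclass, field

@dataclass
class Playbook:
    name: str
    tasks: list = field(default_factory=list)

@dataclass
class Rule:
    playbook: Playbook
    techniques: frozenset = frozenset()
    tactics: frozenset = frozenset()

    def matches(self, incident):
        # Assumption: every listed condition must be present on the incident (AND).
        return (self.techniques <= incident["techniques"]
                and self.tactics <= incident["tactics"])

def assign(incident, rules, default):
    """Evaluate rules top-down, stop at the first match, else use the default."""
    chosen = next((r.playbook for r in rules if r.matches(incident)), default)
    # Snapshot: the incident keeps the playbook as it was at assignment time.
    incident["playbook"] = copy.deepcopy(chosen)
    return incident["playbook"]

def shadowed(rules):
    """Indexes of rules that can never fire: an earlier rule's conditions are a
    subset of theirs, so the earlier rule matches every incident they would."""
    return [j for j, late in enumerate(rules)
            if any(early.techniques <= late.techniques
                   and early.tactics <= late.tactics
                   for early in rules[:j])]

# Constructed sample data (illustrative names, not Cisco XDR objects).
DEFAULT = Playbook("Cisco Managed Incident Playbook", ["Triage"])
RANSOM = Playbook("Ransomware Recovery", ["Isolate hosts", "Restore backups"])
IMPACT = Playbook("Generic Impact", ["Assess damage"])
GOOD_ORDER = [Rule(RANSOM, frozenset({"T1486"}), frozenset({"Impact"})),
              Rule(IMPACT, tactics=frozenset({"Impact"}))]
BAD_ORDER = list(reversed(GOOD_ORDER))  # broad rule first shadows the specific one

def demo():
    inc = {"techniques": {"T1486"}, "tactics": {"Impact"}}
    first = assign(dict(inc), GOOD_ORDER, DEFAULT).name
    second = assign(dict(inc), BAD_ORDER, DEFAULT).name
    return first, second, shadowed(GOOD_ORDER), shadowed(BAD_ORDER)

if __name__ == "__main__":
    print(demo())
```

Running a check like `shadowed()` whenever the rule order changes catches a ransomware-specific rule that has been placed below a generic Impact rule.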