Playbooks

USM Anywhere enables you to create and manage manual and automated playbooks. Playbooks enable you to predetermine a set of steps that should be taken to remediate alarms generated from either a correlation rule or a custom orchestration rule. Automated playbooks run automatically when an alarm is triggered based off an alarm rule, while manual playbooks require users to manually execute the actions within the playbook as part of their response to the alarm in USM Anywhere. These playbooks allow you to accelerate your threat detection and incident response process by streamlining and automating common or alarm-specific workflows.

This topic discusses these subtopics: