This section maps features to a step-by-step playbook design process.
Creating a playbook involves defining a set of incident types, phases, tasks, fields, workflows, scripts, and rules that respond to an incident through intelligence, automation, and orchestration. Before creating a playbook, you need to understand your organization’s policies for responding to events.
- NIST Special Publication 800-61R2 (August 2012): Computer Security Incident Handling Guide
- Verizon’s VERIS Framework: Vocabulary for Event Recording and Incident Sharing
- Department of Defense CJCSM 6510.01B (18DEC14): Cyber Incident Handling Program
Before starting, familiarize yourself with the various tools and capabilities of Orchestration & Automation as described in Playbook toolkit. Then use the configuration procedures in this guide to create your playbook.