Good planning makes playbook performance far more efficient and effective.
The following approach is recommended when designing a playbook.
- Categorize your events. Use the Incident Type feature to organize your events into categories.
- Map your response progression. Use the Phases features.
- Define your manual intervention responses. Use the Tasks feature.
- Design the “look and feel,” including how you want to organize your data. Use the Incident Layouts, Fields, and Data Tables features.
- Define your decision-making process. Use the Playbooks and Scripts features. For those use cases not covered by Playbooks, use Rules, Workflows and Scripts instead.
- Automate information gathering and decision making. Use Threat Services and Functions features, and deploy apps appropriate for your environment.
- Test your playbook.