Dynamic playbooks allow security teams to automatically adjust their response to an attack based on threat intelligence, whether from internal or external sources.
During an attack, security tools can add artifacts, including IP addresses and malware hashes, to a Resilient incident. Dynamic playbooks automatically enrich these artifacts with threat intelligence from an integrated feed and can determine that the incident’s IP address is a malware command-and-control server.
Dynamic playbooks automatically increase the incident severity, escalating the response process. For example, if an executive’s device is infected, dynamic playbooks can automatically escalate the incident to a Tier 2 analyst and notify the legal team. Or if an integrated endpoint detection and response solution reveals that the malware hash is found on several other computers in the organization, the playbooks can direct IT staff to reimage the impacted machines.
This all occurs before the analyst even opens the incident. It helps ensure that the right analyst is working with up-to-date intelligence and can effectively manage today’s increasingly complex attacks.