All Products
Search

This Product

    Security Center:Use the playbook feature

    Document Center

    Security Center:Use the playbook feature

    Last Updated:Nov 08, 2023

    Security Center provides automatic orchestration and response capabilities on the Playbook page. This allows you to orchestrate the logic of repetitive tasks in the response to security events into automatic processing policies. This helps reinforce the security of your system. After you create an automatic vulnerability fixing task, the task automatically runs on the assets that you select. This topic describes how to use the playbook feature.

    Background information

    You can quickly create an automatic vulnerability fixing task by using an existing policy on the My Policy tab of the Playbook page. After you create a task, the task automatically fixes the vulnerabilities that are detected on the selected servers based on the start time that you specify. This helps reinforce the security of your system. The tasks that are created on the Playbook page can fix Linux software vulnerabilities, Windows system vulnerabilities, and Web-CMS vulnerabilities.

    Limits

    Only the Enterprise and Ultimate editions of Security Center support this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center.

    Create a task

    1. Log on to the Security Center console. In the top navigation bar, select China as the region of the asset that you want to manage.

    2. In the left-side navigation pane, choose System Configuration > Playbook.

    3. Optional. On the Policy Center tab, find the required policy template and click Clone in the Actions column.

    4. On the My Policy tab, find the policy based on which you want to create a task and click Create in the Actions column.

    5. On the Create page, configure the following parameters and click Create.

      Parameter

      Description

      Task Name

      The name of the task.

      Asset List

      The assets on which you want to run the task. You can select an asset, multiple assets across asset groups, or an asset group. You can use one of the following methods to select assets:

      • Select asset groups from the Asset Group list. All assets in the selected groups are automatically selected. You can clear one or more selected assets in the Assets list on the right side.

      • Enter an asset name, IP address, or tag in the search box above the Assets list to search for specific assets. Fuzzy match is supported.

      Vulnerabilities to fix

      You can click the Linux Software Vulnerability, Windows System Vulnerability, or Web-CMS Vulnerability tab and select the vulnerabilities that you want Security Center to automatically fix. You can select up to 200 vulnerabilities to fix.

      Note

      The vulnerability list displays only the vulnerabilities that are detected in the selected assets.

      Snapshot storage time

      Before the task starts, Security Center creates snapshots for your assets. By default, the snapshots are stored for one day. You can change the storage period of snapshots.

      Notification

      The notification method that is used after the task is complete. The DingTalk chatbot and email methods are supported.

      Execution Time

      You can select Execute or specify a custom time.

      After the task is created, the Created message appears, and you are redirected to the Task Management tab.

    View the details of a task

    1. Log on to the Security Center console. In the top navigation bar, select China as the region of the asset that you want to manage.

    2. In the left-side navigation pane, choose System Configuration > Playbook.

    3. On the Task Management tab, find the task and click Details in the Actions column to view the task details.