All Products
Search

This Product

    Security Center:Use the playbook feature

    Document Center

    Security Center:Use the playbook feature

    Last Updated:Jun 08, 2023

    Security Center provides automatic orchestration and response capabilities on the Playbook page. This allows you to orchestrate the logic of repetitive tasks in the response to security events into automatic processing policies and helps you reinforce the security of your system. After you create an automatic vulnerability fixing task, the task automatically runs on the assets that you select. This topic describes how to use the playbook feature.

    Background information

    You can quickly create an automatic vulnerability fixing task by using an existing policy on the My Policy tab of the Playbook page. After you create a task, the task automatically fixes the vulnerabilities that are detected on the selected servers from the specified start time. This helps you reinforce the security of your system. The tasks that are created on the Playbook page can fix Linux software vulnerabilities, Windows system vulnerabilities, and Web-CMS vulnerabilities.

    Limits

    Only the Enterprise and Ultimate editions of Security Center support this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center.

    Create a task

    1. Log on to the Security Center console. In the top navigation bar, select China as the region of the asset that you want to protect.

    2. In the left-side navigation pane, choose System Configuration > Playbook.

    3. On the My Policy tab, find the policy based on which you want to create the task and click Create in the Actions column.

    4. On the Create page, configure the following parameters and click Create.

      Parameter

      Description

      Basic information

      Task Name

      The name of the task.

      Task Started At

      The execution frequency, start time, and end time of the task.

      Concurrent Tasks

      The number of servers on which the task can be concurrently executed. If you leave this parameter empty, the default value 10 is used.

      Vulnerability Fixing Information

      Vulnerability Severity

      The severity of the vulnerability.

      Vulnerabilities

      The vulnerabilities that are detected on the assets you selected. You can perform the following operations to select the vulnerabilities that you want to fix: Click the Linux software, Windows, or Web-CMS tab and select the vulnerabilities.

      Note

      You can select up to 200 vulnerabilities to fix.

      Fixing Details of Asset

      Servers

      The assets that you want to protect. You can select an asset, an asset group, or multiple assets from asset groups. You can use one of the following methods to select the assets:

      • Select asset groups from the Asset Group list. All assets in the selected groups are automatically selected. You can clear one or more selected assets in the Assets list to the right.

      • Enter an asset name in the search box above the Assets list to search for specific assets. Fuzzy match is supported. Select the assets on which you want to run the automatic vulnerability fixing task from the search results.

      Note

      The task runs only on the assets that you selected in the Assets list.

      Snapshot Information

      Storage Period

      The retention period of snapshots.

      Creation Period

      The time period during which snapshots can be created.

      Restart asset information

      Servers

      The assets that you want to protect. You can select an asset, an asset group, or multiple assets from asset groups. You can use one of the following methods to select the assets:

      • Select asset groups from the Asset Group list. All assets in the selected groups are automatically selected. You can clear one or more selected assets in the Assets list to the right.

      • Enter an asset name in the search box above the Assets list to search for specific assets. Fuzzy match is supported. Select the assets on which you want to run the automatic vulnerability fixing task from the search results.

      Note

      The task runs only on the assets that you selected in the Assets list.

      Notification Method

      The notification method.

      Notification Time

      The time at which Security Center sends notifications.

      After you create a task, a Created message appears, and you are redirected to the Task Management tab.

    View the details of a task

    1. Log on to the Security Center console. In the top navigation bar, select China as the region of the asset that you want to protect.

    2. In the left-side navigation pane, choose System Configuration > Playbook.

    3. On the Task Management tab, find the task and click Details in the Actions column. In the task details panel, view the information displayed on the Task Details and Task Configuration tabs.

      You can view the details of a task on the Task Details and Task Configuration tabs.