Customization of Out-of-the-Box Playbooks

Select RESPOND > Playbooks > Workflow Templates

Out of the Box Playbooks provide the templates to help you design and implement your playbook. These templates are pre-designed workflows and provide guidance to customize automated response as per your requirements.

List of Out Of the Box Playbooks

ArcSight SOAR provides the following out of the box playbook templates:

• Access Attempts on Unidentified Protocols and Ports

• Admin Account Check

• Block Malicious IPs - CheckpointFW

• Block Malicious IPs - Palo Alto Panorama

• Check IP Reputation from Multiple Sources

• Command and Control Traffic-1

• Command and Control Traffic-2

• Command and Control Traffic-3

• Command and Control Traffic-4

• Endpoint Investigation - Windows

• Internal Scanning Device

• Multiple Authentication Failure

• Outbound Traffic to Suspicious Countries, Ports, Services

• Phishing Email

• Stolen-Lost Device

• Virus Traffic in the Network

• Investigate Suspicious User Account on OKTA

• APIVoid URL Enrichment

• Email Address Enrichment and Block on Cisco Ironport

• Email Address Enrichment and Block on FortiMail

• Email Address Enrichment and Block on Sophos XG

• Email Address Enrichment and Block on Symantec GW

• Investigate File Hashes & Block on Carbon Black

• Investigate File Hashes & Block on Checkpoint R80

• Investigate File Hashes & Block on Kaspersky SC

• Investigate File Hashes & Block on McAfee NSP

• Investigate File Hashes & Block on SEP Manager

• IP Enrichment on Free TI Databases

• URL Enrichment and Block on Check Point R80

• URL Enrichment and Block on McAfee Web GW

• URL Enrichment and Block on Palo Alto Panorama

• URL Enrichment and Block on Sophos XG

Prerequisites for Out of the Box Playbook:

To configure and use out of the box playbooks, a set of integrations/analyst tasks/lists, as listed in respective playbook guides, must be configured on your environment. You can also view the overview and prerequisites of each Out of the Box Playbook in the Workflow Template tab in the SOAR application.

Customizing Out of the Box Playbooks

The out of the box playbooks must be customized to create a playbook as per your requirement.

To customize out of the box playbooks:

1. Click Workflow Template tab.

2. Click Create Workflow and specify a name to the workflow in Create Workflow From Templatewindow.

3. After importing the playbook as a template, select it and click Repair to configure as per your requirements.

4. Set parameter values as specified in the respective Playbook guide, in the Workflow Repair Wizard window.