Automated Malware playbook

The Automated Malware playbook provides a sequence of automated steps that helps you resolve malware alerts quickly and efficiently.

Use the malware playbook flow to automate the steps involved in handling malware alerts from the endpoint or the network. The flow template includes trigger conditions, a sequence of actions and subflows that are annotated for readability.

These templates contain a sequence of reusable actions designed to respond to phishing attacks. Each flow has a trigger (condition), a sequence of actions and subflows that are annotated for readability. To access these flows, you must install the Security Operations Spoke and Security Operations Palo Alto Networks - WildFire app from the ServiceNow Store.

Note: You must activate these templates before you can use them.

The following flows and subflows are included:

Security Incident - Automated Malware Playbook Template: This template is designed to automate the responses to malware alerts and contains a sequence of actions including a trigger.
Security Incident - Malware Manual Template: This template is the existing manual malware response workflow that is activated when the category is set to Malicious Code Activity.

Subflows

Confirm Threat from Observable: Verifies if the observables is malicious and needs to be addressed.
Set Incident Severity: Sets a severity status for the incident.
Ransomware Playbook: Determines whether it is a ransomware attack.

These subflows represent a set of reusable operations that can be used in multiple playbooks. You can use these subflows to define custom templates (flows) according to your requirements.

To create custom templates (flows), follow the instructions in Flows.

Automated Malware playbook

The Automated Malware playbook provides a sequence of automated steps that helps you resolve malware alerts quickly and efficiently.

Note: You must activate these templates before you can use them.

The following flows and subflows are included:

Security Incident - Automated Malware Playbook Template: This template is designed to automate the responses to malware alerts and contains a sequence of actions including a trigger.
Security Incident - Malware Manual Template: This template is the existing manual malware response workflow that is activated when the category is set to Malicious Code Activity.

Subflows

Confirm Threat from Observable: Verifies if the observables is malicious and needs to be addressed.
Set Incident Severity: Sets a severity status for the incident.
Ransomware Playbook: Determines whether it is a ransomware attack.

These subflows represent a set of reusable operations that can be used in multiple playbooks. You can use these subflows to define custom templates (flows) according to your requirements.

To create custom templates (flows), follow the instructions in Flows.

How search works:

Topics are ranked in search results by how closely they match your search terms

Automated Malware playbook

Automated Malware playbook

On this page

Automated Malware playbook

Automated Malware playbook

Log in to personalize your search results and subscribe to topics