Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

About the automated malware playbook flow

Log in to subscribe to topics and get notified when content changes.

About the automated malware playbook flow

The malware playbook flow provides a sequence of automated steps that helps you resolve malware alerts quickly and efficiently.

Use the malware playbook flow to automate the steps involved in handling malware alerts from the endpoint or the network. The flow template includes trigger conditions, a sequence of actions and subflows that are annotated for readability.

These templates contain a sequence of reusable actions designed to respond to phishing attacks. Each flow has a trigger (condition), a sequence of actions and subflows that are annotated for readability. To access these flows, you must install the Security Operations Spoke and Security Operations Palo Alto Networks - WildFire app from the ServiceNow Store.
Note: You must activate these templates before you can use them.
The following flows and subflows are included:
  • Security Incident - Automated Malware Playbook Template: This template is designed to automate the responses to malware alerts and contains a sequence of actions including a trigger.
  • Security Incident - Malware Manual Template: This template is the existing manual malware response workflow that is activated when the category is set to Malicious Code Activity.
Subflows
  • Confirm Threat from Observable: Verifies if the observables is malicious and needs to be addressed.
  • Set Incident Severity: Sets a severity status for the incident.
  • Ransomware Playbook: Determines whether it is a ransomware attack.

These subflows represent a set of reusable operations that can be used in multiple playbooks. You can use these subflows to define custom templates (flows) according to your requirements.

To create custom templates (flows), follow the instructions in Flows.

Feedback