Playbook for Automated Malware
- Updated Jan 30, 2025
- Yokohama
- Security Incident Response Analysis
The Automated Malware playbook provides a sequence of automated steps that helps analysts resolve malware alerts more efficiently.
The Automated Malware playbook template is designed to automate the steps involved in handling malware alerts from the endpoint or the network. You can use the playbook templates in Workflow Studio to automate the steps in the Automated Malware playbook and resolve these alerts efficiently. The playbook contains a sequence of reusable actions designed to respond to malware attacks. Each flow has a trigger (condition), a sequence of actions, and subflows for annotation.
This playbook can be used if a security incident is created or updated. Activate the Automated Malware playbook in Workflow Studio, and the playbook automatically performs all the tasks in the following stages:
- Analysis
- Contain
- Eradicate
- Review

Once you mark a task complete in a stage, you can move to the next task. You can save a task at any point in time and return to the playbook at a later date and time. After you complete all the tasks in a stage, you can move to the next stage. The status is reflected in the left-hand panel as you keep completing tasks and stages. An Activity log on the right-hand side of the playbook shows all the data that you have entered for each task.
After you complete all the tasks, you’re asked to review the details you entered in all the stages. You can choose to edit any field or click Finish to complete the process of creating the entitlement.