Use these steps to learn how you can use the Manual Phishing playbook in the SIR Analyst Workspace and its capabilities.

Before you begin

Role required: sn_si.admin or sn_si.manager or sn_si.analyst

Procedure

  1. In the SIR workspace, open a security incident.
  2. Click the Playbook tab.

    You can view the playbooks that have been enabled for the security incident. You can also see details like the category of the security incident, risk score.

    Note: If you don’t see any playbooks listed, then you need to go to PAD and enable them to see it in the Playbook tab.
  3. Click the Manual Phishing Playbook.
  4. Click each stage to know what tasks have been performed by this playbook.
  5. Click Analysis to see the list of activities performed in the Analysis phase.
    You have the option to change it as per your requirements.Manual Phishing workspace
  6. Similarly, you can click Contain, Eradicate, and Review to view the list of activities that have been performed in the respective phase.
    You have the option to change them as per your requirements. If there’s any remaining activity or user action that you need to perform, it’s displayed in the respective phase.
  7. If there’s any remaining activity or user action required in any of the phases, click the respective phase and perform the action to complete the activity.