Playbooks on-prem

To address this challenge, Sekoia.io has recently released Playbooks on-prem.
In this way, Playbooks on-prem may appeal to companies seeking to synchronize cloud actions with those executed on-premises.
At its core, Playbooks on-prem revolve around a playbook runner that facilitates local execution of different actions.
Let's consider a use case to shed more light on Playbooks on-prem.
Because inbound connections are restricted, the playbook can't directly connect to the client environment and take action on-prem.
As a solution, the Sekoia team offers an on-prem playbook runner to be installed within the client's environment.
For the AD use case, the Sekoia team suggests launching a virtual machine with a playbook runner and Docker in the client's environment.
The playbook runner periodically sends requests to the Sekoia SOC platform to check for pending tasks.
On receiving an automation request, the on-prem agent orchestrates and configures the underlying playbook actions.
After disabling the user, the playbook runner reports to the Sekoia SOC platform.
As soon as the action confirmation is received, the playbook proceeds to the next task and dispatches it to the playbook runner.
The encrypted communication channel between a playbook runner and the Sekoia SOC platform is a cornerstone here.
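The polling flow described above, modelled in memory as an added example (not Sekoia's code or API): the `Platform` and `Runner` classes, the task fields and the `check_user` action are assumptions made for illustration, and the directory is a constructed stand-in for AD. The runner only ever calls out to the platform, and the platform releases the next task only after the previous one is confirmed.

```python
from collections import deque

class Platform:
    """In-memory stand-in for the SOC platform (hypothetical, not Sekoia's API)."""
    def __init__(self, tasks):
        self.pending = deque(tasks)              # ordered tasks of one playbook run
        self.in_flight, self.reports = None, []  # in_flight: dispatched, unconfirmed

    def poll(self):  # called BY the runner (outbound only); nothing is pushed in
        if self.in_flight is not None or not self.pending:
            return None
        self.in_flight = self.pending.popleft()
        return self.in_flight

    def report(self, task_id, status, detail):
        if self.in_flight is None or self.in_flight["id"] != task_id:
            raise ValueError("report for a task that was not dispatched")
        self.reports.append((task_id, status, detail))
        if status == "ok":
            self.in_flight = None                # only a confirmation releases the next task

class Runner:
    """On-prem side: pulls a task, runs the matching local action, reports back."""
    def __init__(self, platform, actions):
        self.platform, self.actions = platform, actions
    def poll_once(self):
        task = self.platform.poll()
        if task is None:
            return False
        try:
            status, detail = "ok", self.actions[task["action"]](**task["args"])
        except Exception as exc:                 # unknown action or failed action
            status, detail = "error", repr(exc)
        self.platform.report(task["id"], status, detail)
        return True

def run_demo():
    directory = {"jdoe": {"enabled": True}}      # constructed stand-in for on-prem AD
    def disable_user(username):
        directory[username]["enabled"] = False
        return f"{username} disabled"
    def check_user(username):                    # hypothetical follow-up action
        return "enabled" if directory[username]["enabled"] else "disabled"
    tasks = [{"id": 1, "action": "disable_user", "args": {"username": "jdoe"}},
             {"id": 2, "action": "check_user", "args": {"username": "jdoe"}}]
    runner = Runner(Platform(tasks), {"disable_user": disable_user, "check_user": check_user})
    while runner.poll_once():                    # a real runner would sleep between polls
        pass
    return runner.platform.reports
```

`run_demo()` returns the reports as the platform recorded them; in this model a failed or unknown action leaves the run blocked instead of releasing the next task.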
Playbooks on-prem: prerequisites and installation guidelines
As there is no inbound communication between the local environment and the Sekoia SOC platform, you'll need to establish an outbound communication channel between the playbook runner installed within your domain and our platform.
Kickstart the installation process by creating a playbook runner.
Optionally, you can assign a name to the playbook runner for easy identification.
Check out our public documentation for more details on how to install Playbooks on-prem.
All the reports generated by the installed playbook runners will be available on the Sekoia SOC platform.
Playbooks on-prem are a versatile solution for running actions within a local environment.
Last but not least, this automation implies simplicity and flexibility, and our team is always ready to support clients on their way to installing, configuring, and leveraging Playbooks on-prem.


This Cyber News was published on blog.sekoia.io. Publication date: Thu, 22 Feb 2024 20:43:06 +0000

