Playbooks on-prem

To address this challenge, Sekoia.io has recently released Playbooks on-prem.
In this way, Playbooks on-prem may appeal to companies seeking to synchronize cloud actions with those executed on-premises.
At its core, Playbooks on-prem revolve around a playbook runner that executes actions locally.
Let's consider a use case to shed more light on Playbooks on-prem.
Because inbound connections into the client environment are restricted, the playbook can't connect to that environment directly and take action on-prem.
As a solution, the Sekoia team offers an on-prem playbook runner to be installed within the client's environment.
For the AD use case, the Sekoia team suggests launching a virtual machine with a playbook runner and Docker in the client's environment.
The playbook runner periodically sends requests to the Sekoia SOC platform to check for pending tasks.
On receiving an automation request, the on-prem agent orchestrates and configures the underlying playbook actions.
After disabling the user, the playbook runner reports to the Sekoia SOC platform.
As soon as the action confirmation is received, the playbook proceeds to the next task and dispatches it to the playbook runner.
The encrypted communication channel between a playbook runner and the Sekoia SOC platform is a cornerstone here.
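The poll, execute and report cycle described above, as an added simulation that is not Sekoia's runner or API: a hypothetical SocPlatform holds ordered playbook steps and never opens a connection to the runner; a hypothetical OnPremRunner makes only outbound polls, executes a task against a constructed stand-in directory if the action is on its allow-list, and reports the result; the platform dispatches the next step only after that confirmation and stops the playbook on a failure or rejection. All class, method and task names here are assumptions made for the illustration.

```python
"""Constructed simulation of an outbound-only playbook runner (not Sekoia's code).

Assumed model: the platform holds ordered playbook steps, the runner polls for one
task at a time, executes allow-listed actions locally and reports each result; the
platform dispatches the next step only after the previous one is confirmed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class Task:
    task_id: str
    action: str
    params: dict


class SocPlatform:
    """Hypothetical cloud side: never initiates connections to the runner."""

    def __init__(self, playbooks: Dict[str, List[Task]]):
        self._pending = playbooks                 # playbook_id -> remaining steps
        self._inflight: Dict[str, str] = {}       # task_id -> playbook_id
        self.reports: List[dict] = []

    def poll(self) -> Optional[Task]:
        """Answer a runner's outbound poll with at most one task, in playbook order."""
        for playbook_id, steps in self._pending.items():
            # A playbook whose current step awaits confirmation is not advanced.
            if steps and playbook_id not in self._inflight.values():
                task = steps[0]
                self._inflight[task.task_id] = playbook_id
                return task
        return None

    def report(self, task_id: str, status: str, detail: str) -> None:
        """Record the runner's result; anything but "ok" stops that playbook."""
        playbook_id = self._inflight.pop(task_id)
        self.reports.append({"task_id": task_id, "status": status, "detail": detail})
        steps = self._pending[playbook_id]
        steps.pop(0)
        if status != "ok":
            steps.clear()


class LocalDirectory:
    """Constructed stand-in for the on-prem directory the runner acts on."""

    def __init__(self, users: List[str]):
        self.users = {u: {"enabled": True} for u in users}

    def disable_user(self, params: dict) -> str:
        name = params["user"]
        if name not in self.users:
            raise KeyError(f"unknown user {name}")
        self.users[name]["enabled"] = False
        return f"disabled {name}"


class OnPremRunner:
    """Hypothetical runner: only outbound calls, only allow-listed actions."""

    def __init__(self, platform: SocPlatform, handlers: Dict[str, Callable[[dict], str]]):
        self.platform = platform
        self.handlers = handlers  # the allow-list of actions this runner may perform

    def run_once(self) -> bool:
        """Poll for one task and handle it; return False when nothing is pending."""
        task = self.platform.poll()
        if task is None:
            return False
        handler = self.handlers.get(task.action)
        if handler is None:
            # An action this runner was not configured for is refused, not guessed at.
            self.platform.report(task.task_id, "rejected",
                                 f"action {task.action!r} not allowed on this runner")
            return True
        try:
            self.platform.report(task.task_id, "ok", handler(task.params))
        except Exception as exc:  # report failures instead of silently dropping them
            self.platform.report(task.task_id, "error", f"{type(exc).__name__}: {exc}")
        return True


def demo():
    """Run one constructed playbook: disable a user, then a step this runner lacks."""
    directory = LocalDirectory(["alice", "bob"])
    platform = SocPlatform({"pb-1": [
        Task("t1", "disable_user", {"user": "alice"}),
        Task("t2", "collect_logs", {"host": "srv01"}),   # not on this runner's allow-list
    ]})
    runner = OnPremRunner(platform, {"disable_user": directory.disable_user})
    while runner.run_once():
        pass
    return directory, platform
```

Running demo() disables alice, records an "ok" report for the first step and a "rejected" report for the second, after which the platform has nothing left to dispatch. The allow-list on the runner is the design point worth keeping: the cloud side decides what to ask for, but the on-prem side decides which actions it is willing to perform, so a compromised or misconfigured playbook cannot turn the runner into a general-purpose execution channel into the local network.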
Playbooks on-prem: prerequisites and installation guidelines
As there is no inbound communication between the local environment and the Sekoia SOC platform, you'll need to establish an outbound communication channel between the playbook runner installed within your domain and our platform.
Kickstart the installation process by creating a playbook runner.
Optionally, you can assign a name to the playbook runner for easy identification.
Check out our public documentation for more details on how to install Playbooks on-prem.
All the reports generated by the installed playbook runners will be available on the Sekoia SOC platform.
Playbooks on-prem are a versatile solution for running actions within a local environment.
Last but not least, this automation is designed for simplicity and flexibility, and our team is always ready to support clients in installing, configuring, and leveraging Playbooks on-prem.


This Cyber News was published on blog.sekoia.io. Publication date: Thu, 22 Feb 2024 20:43:06 +0000