Exec empowers security teams to define and automate threat remediation processes in a safe, easy, and meaningful way.
To get started, navigate to Exec and click New Trigger. A Trigger tells Exec to listen for an event with one or more conditions that you define.
Once your Trigger is defined, click Add a Playbook. Playbooks contain one or more Actions that Exec will execute when a Trigger's conditions match. If you have no Playbooks defined, click Create a New Playbook and then click on the Playbook to add Actions.
Playbooks are reusable, so start by giving your Playbook a name and a description that will make it easy to identify in the future.
Next, add one or more Actions that should be taken when the Trigger criteria are met.
When adding an Action, information from the detection may be used to generate informative notifications in a format of your choosing. Simply type a $ followed by the name of the element that you wish to insert, and Exec will make suggestions.
Click Save, and that's it! Return to the Triggers view to see your Trigger and corresponding Playbook. You can edit the Trigger or Playbook from this view at any time, or add additional Playbooks to an existing Trigger as needed.
As a part of Exec, we have migrated existing Notification Integration functionality into playbooks. Additionally, we have included a set of default triggers and playbooks for you to explore, enable or edit as you see fit.