EDITOR’S NOTE: This product was originally known as “Exec.” We have since renamed it “Red Canary Automate.” Where appropriate, references to the former product name have been updated accordingly.
Automate empowers security teams to define and automate threat remediation processes in a safe, easy, and meaningful way.
To get started, navigate to Automations and click New Trigger. A Trigger tells Automate to listen for an event with one or more conditions that you define:
Once your Trigger is defined, click Add a Playbook. Playbooks contain one or more Actions that Automate will execute when a Trigger's conditions match. If you have no Playbooks defined, click Create a New Playbook and then click on the Playbook to add Actions:
Playbooks are reusable, so start by giving your Playbook a name and a description that will make it easy to identify in the future.
Next, add one or more Actions that should be taken when the Trigger criteria are met:
When adding an Action, information from the detection may be used to generate informative notifications in a format of your choosing. Simply type a $ followed by the name of an element that you wish to insert, and Automate will make suggestions:
Click Save, and that's it! Return to the Triggers view to see your Trigger and corresponding Playbook. You can edit the Trigger or Playbook from this view at any time, or add additional Playbooks to an existing Trigger as needed.
As a part of Automate, we have migrated existing Notification Integration functionality into playbooks. Additionally, we have included a set of default triggers and playbooks for you to explore, enable or edit as you see fit.
Finally, we've developed a hybrid approach to automation that offers the speed of an automated response but provides human control over the final execution. You can now elect to require human approval for every Automate action with the notification options of email, Slack and/or SMS.
Many playbooks are safer to enable when your team provides a simple approval before the action executes. These approvals let you move playbooks more efficiently from manually triggered → automatically triggered with approvals → full auto.
Learn more about human approvals and add a layer of safety to your automated actions.