New in 2024.11: Introducing incident response playbooks

  • November 6, 2024
  • 2 min read

While some months are dedicated to essential maintenance and fixes, others bring exciting developments that we can’t wait to share. This month is particularly special, as we are thrilled to introduce our latest feature: Playbooks.
This powerful new addition to our EDR functionality is designed to streamline and automate incident response workflows, ensuring a more efficient and rapid approach to managing security incidents.

What are Playbooks?

Playbooks are essential components of Security Orchestration, Automation, and Response (SOAR) systems. Their primary purposes are to automate common tasks and to guide analysts through structured workflows during incident response. By allowing organizations to override the default processing flow with customized sequences, playbooks define specific workflows for different kinds of security events.

Playbooks in Action

Here’s how they work: when an incident is recorded, the Playbook Engine instantly checks it against your tailored Playbooks and triggers the customized response flow of the first one that matches. These sequences allow you to override default processing and implement workflows specific to your security needs; because only the first applicable Playbook executes, overlapping Playbooks cannot conflict.
With a dedicated Playbooks panel in the workspace, you can organize and customize Playbooks by partner or workspace, with the ability to clone or edit them for maximum flexibility.

Playbooks are easy to access and manage within the workspace dashboard. You can create and customize Playbooks in the order in which they’re triggered, and tailor their execution flow. This grid-based structure lets you prioritize the Playbooks from highly specific to more generic ones, so that as incidents are created, the Playbook engine evaluates triggers from top to bottom, ensuring the highest-priority Playbook executes first.

The Playbook Editor offers flexibility for building workflows based on incident data. You can add conditions, set triggers, and design workflows that operate on incident-specific data such as files, networks, and processes. The Condition element is particularly powerful, enabling decisions at runtime based on criteria like incident severity or alert paths.
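To make the evaluation order concrete, here is a small model of the first-match behaviour described above, written as an added illustration and not code from Emsisoft's Playbook Engine. The incident fields, severity scale, playbook names, actions and sample incidents are all constructed for the example; it also adds an ordering check that reports Playbooks a more generic entry higher in the grid would always shadow.

```python
from dataclasses import dataclass
from typing import Callable, Optional
@dataclass
class Incident:
    id: str
    severity: str    # constructed scale: low / medium / high / critical
    alert_path: str  # constructed value, e.g. "behavior/ransomware"
@dataclass
class Playbook:
    name: str
    condition: Callable[[Incident], bool]  # the Condition element, as a predicate
    actions: list                           # response steps, written to the log

def run_first_match(playbooks: list, incident: Incident, log: list) -> Optional[str]:
    """Walk the grid top to bottom; only the first playbook whose condition
    holds executes. Returns its name, or None when default processing applies."""
    for pb in playbooks:
        if pb.condition(incident):
            log.append(f"{incident.id}: matched '{pb.name}'")
            log.extend(f"{incident.id}: action {a}" for a in pb.actions)
            return pb.name
    log.append(f"{incident.id}: no match, default processing")
    return None

def shadowed_playbooks(playbooks: list, samples: list) -> set:
    """Ordering check: playbooks that never fire on the samples because an
    earlier, more generic entry always matches first."""
    fired = {run_first_match(playbooks, inc, []) for inc in samples}
    return {pb.name for pb in playbooks} - fired

def build_playbooks() -> list:
    # Ordered from highly specific to generic, as the grid is meant to be.
    return [
        Playbook("critical-ransomware", lambda i: i.severity == "critical"
                 and i.alert_path.startswith("behavior/ransomware"),
                 ["isolate_host", "notify_ir_team"]),
        Playbook("high-or-critical", lambda i: i.severity in ("high", "critical"),
                 ["quarantine_file", "notify_analyst"]),
        Playbook("catch-all", lambda i: True, ["log_only"]),
    ]
SAMPLES = [  # constructed sample incidents
    Incident("inc-1", "critical", "behavior/ransomware"),
    Incident("inc-2", "high", "signature/trojan"),
    Incident("inc-3", "low", "signature/pup"),
]
if __name__ == "__main__":
    log: list = []
    for inc in SAMPLES:
        run_first_match(build_playbooks(), inc, log)
    print("\n".join(log), "\nshadowed if reversed:", shadowed_playbooks(build_playbooks()[::-1], SAMPLES))
```

Reversing the grid puts the catch-all entry first, so the two specific Playbooks never run; the ordering check makes that misconfiguration visible before an incident does.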


With Playbooks, incident handling is seamless and customizable, providing a clear view of incident changes and workflow activity via the Playbook log. We look forward to seeing how you use Playbooks to maximize your security capabilities. This feature is available for all Emsisoft Enterprise Security users.
Compare Emsisoft license plans here.

Additionally, this month’s update includes multiple minor performance improvements to ensure your Emsisoft products continue to deliver the experience you expect.

Device protection (desktop)

Management console (web app)

How to obtain the new version

So long as you have auto-updates enabled, you will receive the latest version automatically during your regularly scheduled updates.

Note to Enterprise users: If you have chosen to receive “Delayed” updates, client systems will receive the new version no earlier than 30 days after the regular “Stable” availability.


Have a great and well-protected day!

Emsi

Emsisoft founder and managing director. In 1998 when I was 16, a so-called 'friend' sent me a file via ICQ that unexpectedly opened my CD-ROM drive, which gave me a big scare. It marked the start of my journey to fight trojans and other malware. My story