Network Proactive Response Example Playbook
Important
When configuring playbooks for Proactive Response, the playbook name must match the trigger name and follow the Proactive Response Naming Convention.
iSensor IP Blocking and IP Block Removal Playbook Configurations
Note
When IP blocks (shuns) are applied to iSensors as a Proactive Response Action, the block is deployed to all of the tenant’s healthy iSensors. To remove an IP block, clients can leverage the iSensor Unblock playbook and target the relevant iSensor(s).
- Configure an iSensor Block playbook for the IP Block action using the trigger parameters shown below. For more information about adding a new playbook, see Create a New Playbook.
- Enter `M_iSensorBlock` in the Playbook Details Name field.
- Select User Initiated for the Trigger Type.
- Select Response Action for the Category.
- Select Asset for the Context.
- Enter `M_iSensorBlock` in the Trigger Source Name field.
- Under When does this playbook run?, select Only When and then enter `false` in the Trigger Filter field.
Note
The iSensor Block playbook does not have actions listed in the dropdown; it must be executed manually.
Playbook for deploying IP blocks to the iSensor
Note
Each playbook has built-in documentation that walks through the steps to create a new playbook. Select Documentation from a playbook template or configured playbook in XDR to open this in a new tab and follow the guidance there.
- Configure an iSensor Unblock playbook for the IP Block Removal action using the trigger parameters shown below. For more information about adding a new playbook, see Create a New Playbook.
- Enter `M_iSensorUnBlock` in the Playbook Details Name field.
- Select User Initiated for the Trigger Type.
- Select Response Action for the Category.
- Select Asset for the Context.
- Enter `M_iSensorUnBlock` in the Trigger Source Name field.
- Under When does this playbook run?, select Only When and then enter `false` in the Trigger Filter field.
Note
The iSensor Unblock playbook does not have actions listed in the dropdown; it must be executed manually.
Playbook for removing IP blocks from the iSensor