Siemplify's new approach for managing Security Operations Playbooks
Our very own Steve Salinas, Director of Product Marketing, shared the latest news on the Siemplify blog about a new feature in the Siemplify platform: Playbook Blocks.
We are all aware that security operations centers are inundated with alerts, causing massive case backlogs and allowing potentially critical threats to go unnoticed for days, weeks or even months.
A good playbook will include a combination of automated and manual steps that enable the security analyst to focus on the investigation, while the SOAR handles case preparation, validation and response execution. The playbook creation process is often straightforward, depending on the SOAR product selected, but complications can arise.
The latest iteration of the Siemplify Security Operations Platform, version 5.3, delivers a new approach to updating playbooks, known as playbook lifecycle management. Using snippets, called blocks, security teams can compartmentalize the workflows that would traditionally constitute a single playbook. Your team can then create any number of playbooks using these blocks to meet its triage, investigation and response needs.
So when something does inevitably change, your team needs only to update the impacted block and all the playbooks that use that block will automatically be updated. With this process, you not only save large amounts of time, but you also eliminate the potential for missing a playbook during the manual update process.
Check out Steve's blog and video at the following link for more information.