
Administration Guide

Automated Incident Response - Playbooks Page

The AUTOMATED INCIDENT RESPONSE – PLAYBOOKS page displays a row for each Playbook policy. To access this page, select SECURITY SETTINGS > Playbooks.

Each Playbook policy row can be expanded to show the actions that it contains, as shown below:

You can drill down in a Playbook policy row to view the actions for that policy by clicking the icon.

Note: There are more options and actions than those shown above that can be added to a Playbook policy, such as the blocking of a malicious IP address. You may consult Fortinet Support about how to add them.

Note: Automatic Incident Response Playbook features can also be triggered by extended detection events when follow-up actions are configured for the Collector Group of a device on which the event was triggered. This enables the system to follow up on the detection of such an event and execute a sequence of actions, such as blocking an address on a firewall or isolating the device on which part of the event occurred.
