Playbook Policies
The FortiEDR Playbooks feature determines which automatic actions are triggered, based on the classification of a security event. Playbook policies enable administrators to preconfigure the action(s) to be automatically executed according to a security event’s classification. Typically, Playbook policies only need be configured once, and can be modified thereafter, if needed. FortiEDR classifies each security event into one of five Categories.
FortiEDR provides the following Playbook policy out of the box:
- Default Playbook: This Playbook policy specifies the default actions for the Collector Groups assigned to the policy. By default, all Collector Groups are assigned to this policy.