Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    Home FortiSIEM 7.4.2 User Guide
    7.4.2
    7.5.0
    7.4.2
    7.4.1
    7.4.0
    7.3.5
    7.3.4
    7.3.3
    7.3.2
    7.3.1
    7.3.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.9
    7.1.8
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    4.10.0
    4.9.0
    4.8.1
    4.7.2

    General Concept

    General Concept

    A playbook consists of a sequence of steps, designated as "playbook steps", that are designed to ultimately automate tasks and achieve specific goals. Playbook steps can be used as building blocks, allowing you to quickly iterate new flows that suit your needs for investigation and response.

    Designing a Playbook

    When designing a playbook, consider the following:

    • What are the critical actions you wish to accomplish?

    • What are the triggers/conditions needed to execute your actions?

    • Do you require loops (playbook feature that repeats a set of actions)?

    • Do you have any time related requirements for your triggers/conditions/actions?

    • What remediation actions are needed?

    General Step By Step Process

    A playbook is created on a visual canvas, called the Playbook Designer. You start with a Trigger Step, which you must define and save. Next, take a connection point and drag-and-drop to an empty area to create a placeholder step, which opens the Select Step pane. Available playbook steps will appear. Configure it according to your requirements, then save it. This step is now connected to the Trigger step. Continue adding and configuring steps based on your use case to complete the playbook workflow. A playbook ends when no further steps remain.

    Detailed Playbook Information

    Click on any of the following links to get more information on Playbook designer, Playbook steps, or a specific type of Playbook steps.

    Playbook Designer: Explains the functions available in Playbook Designer to create/modify a playbook.

    Playbook Steps: Explains functions and actions available when adding/editing a playbook step.

    • Trigger Steps: The starting point of a playbook. All steps follow after a Trigger Step.

    • Core Steps: Create and store contextual information relevant to the playbook.

    • Evaluate Steps: Define logical flows within the playbook. These include decision points, time delays, and user input.

    • Execute Steps: Perform automated operations.

    • References Steps: Utilize other playbook(s), forming a chain of playbooks.

    • Email Steps: Automatically send email to users identified in the step with either specific static criteria or record-relevant data using dynamic values.

    Previous
    Next

    General Concept

    General Concept

    A playbook consists of a sequence of steps, designated as "playbook steps", that are designed to ultimately automate tasks and achieve specific goals. Playbook steps can be used as building blocks, allowing you to quickly iterate new flows that suit your needs for investigation and response.

    Designing a Playbook

    When designing a playbook, consider the following:

    • What are the critical actions you wish to accomplish?

    • What are the triggers/conditions needed to execute your actions?

    • Do you require loops (playbook feature that repeats a set of actions)?

    • Do you have any time related requirements for your triggers/conditions/actions?

    • What remediation actions are needed?

    General Step By Step Process

    A playbook is created on a visual canvas, called the Playbook Designer. You start with a Trigger Step, which you must define and save. Next, take a connection point and drag-and-drop to an empty area to create a placeholder step, which opens the Select Step pane. Available playbook steps will appear. Configure it according to your requirements, then save it. This step is now connected to the Trigger step. Continue adding and configuring steps based on your use case to complete the playbook workflow. A playbook ends when no further steps remain.

    Detailed Playbook Information

    Click on any of the following links to get more information on Playbook designer, Playbook steps, or a specific type of Playbook steps.

    Playbook Designer: Explains the functions available in Playbook Designer to create/modify a playbook.

    Playbook Steps: Explains functions and actions available when adding/editing a playbook step.

    • Trigger Steps: The starting point of a playbook. All steps follow after a Trigger Step.

    • Core Steps: Create and store contextual information relevant to the playbook.

    • Evaluate Steps: Define logical flows within the playbook. These include decision points, time delays, and user input.

    • Execute Steps: Perform automated operations.

    • References Steps: Utilize other playbook(s), forming a chain of playbooks.

    • Email Steps: Automatically send email to users identified in the step with either specific static criteria or record-relevant data using dynamic values.

    Previous
    Next