4 months ago we started on a journey to make security automation so easy that a 6-year-old can do it. That was inspired by watching my 6-year-old son build apps on his iPad using an app called Tynker (https://www.tynker.com/ - if you have young kids, a highly recommended way to get them hooked on coding).

We wanted to build the security automation platform so that automating whatever you want is as easy as snapping Lego bricks together.

I will walk you through a process that we have adopted with several of our customers to help them realize the benefits of Security Automation.


The first step is always to document the playbook in plain English, as if you were training a junior analyst to perform a repetitive task. It's like drawing a rough sketch of the painting you plan to paint before you fill in the minor details.

For example, here is a very simple phishing triage playbook:

  • Read emails from an inbox where employees report suspicious phishing emails
  • For every email, extract the URLs
  • Check the reputation of each URL
  • For emails with attachments, check the reputation of each attachment
  • If the URL reputation is bad, or the attachment reputation is bad, mark the email as phishing; otherwise mark it as benign.
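Here is the same playbook written out as runnable Python, as an added example that is not LogicHub's own code. It assumes an existing imaplib connection for the fetch step (with the folder and unread-only choices the IMAP step needs), and the reputation lookups are stand-in tables holding constructed indicators (the host login-verify.example.net and the hash of a sample attachment) in place of a real URL and file reputation service; the sample messages are constructed inline so the triage runs offline.

```python
import email
import hashlib
import re
from email.message import Message
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from urllib.parse import urlparse


# Step 1: read messages from a folder, all or only unread, over an existing
# imaplib.IMAP4_SSL connection (needs a live server, so not exercised below).
def fetch_raw_messages(conn, folder="INBOX", unread_only=True):
    conn.select(folder, readonly=True)  # readonly: triage must not flip \Seen flags
    _, data = conn.search(None, "UNSEEN" if unread_only else "ALL")
    for num in data[0].split():
        _, parts = conn.fetch(num, "(RFC822)")
        yield parts[0][1]


# Constructed reputation tables standing in for a real reputation service.
# Hypothetical indicators only; they are not from the original post.
SAMPLE_BAD_ATTACHMENT = b"%PDF-1.4 constructed sample payload"
BAD_URL_HOSTS = {"login-verify.example.net"}
BAD_FILE_SHA256 = {hashlib.sha256(SAMPLE_BAD_ATTACHMENT).hexdigest()}

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def _decoded_text(part: Message) -> str:
    payload = part.get_payload(decode=True) or b""
    return payload.decode(part.get_content_charset() or "utf-8", errors="replace")


# Step 2: extract URLs from every text body part (attachments are handled separately)
def extract_urls(msg: Message) -> list:
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text" or part.get_content_disposition() == "attachment":
            continue
        for url in URL_RE.findall(_decoded_text(part)):
            if url not in urls:
                urls.append(url)
    return urls


# Step 4 (first half): hash every attachment so its reputation can be looked up by SHA-256
def extract_attachments(msg: Message) -> list:
    found = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        data = part.get_payload(decode=True) or b""
        found.append((part.get_filename() or "unnamed", hashlib.sha256(data).hexdigest()))
    return found


# Steps 3 and 4: reputation checks (stub lookups; a real service plugs in here)
def url_reputation(url: str) -> str:
    host = (urlparse(url).hostname or "").lower()
    return "bad" if host in BAD_URL_HOSTS else "unknown"


def file_reputation(sha256: str) -> str:
    return "bad" if sha256 in BAD_FILE_SHA256 else "unknown"


# Step 5: verdict for one raw RFC 822 message
def triage(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw)
    urls = extract_urls(msg)
    attachments = extract_attachments(msg)
    bad_urls = [u for u in urls if url_reputation(u) == "bad"]
    bad_files = [name for name, sha in attachments if file_reputation(sha) == "bad"]
    return {
        "subject": msg.get("Subject", ""),
        "urls": urls,
        "attachments": attachments,
        "bad_urls": bad_urls,
        "bad_files": bad_files,
        "verdict": "phishing" if bad_urls or bad_files else "benign",
    }


# Constructed sample messages used in place of a live mailbox
def _sample(subject, body, attachment=None):
    msg = MIMEMultipart()
    msg["Subject"] = subject
    msg.attach(MIMEText(body, "plain"))
    if attachment is not None:
        part = MIMEApplication(attachment, Name="invoice.pdf")
        part.add_header("Content-Disposition", "attachment", filename="invoice.pdf")
        msg.attach(part)
    return msg.as_bytes()


SAMPLES = {
    "bad_url": _sample("Verify your account", "Click http://login-verify.example.net/reset?u=1 now"),
    "benign": _sample("Team lunch", "Menu at https://intranet.example.com/lunch"),
    "bad_file": _sample("Invoice attached", "See attached.", SAMPLE_BAD_ATTACHMENT),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        r = triage(raw)
        print(f"{name:8} -> {r['verdict']:8} urls={r['urls']} bad_files={r['bad_files']}")
```

Two design choices worth keeping when this is moved onto a real platform: the mailbox is selected read-only so the triage step never marks a reported email as read before an analyst sees it, and attachments are reduced to a SHA-256 before any lookup, so the file itself never has to leave the mailbox for a reputation check.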

The first step in the playbook requires an integration with the IMAP server, and then you just point it at the folder you want to read emails from.

To make this step super easy, all you have to do is look for a step:


Then you look for an automation that does that. Here are the top options that come up when I hit “Search & Add Automation”:


Great. Let’s use IMAP to read emails. Once you select that automation, it asks for a connection to the IMAP server. Here is what the configuration screen looks like:


Once the connection is configured, we tell it which folder to fetch the emails from, and whether to fetch all the emails or just the unread ones:


And that’s it: we are done adding this step.


We repeat the same pattern a bunch of times to build out the playbook.

  • What am I trying to automate?
  • Find an automation that does that.
  • Configure the automation and add it to the playbook.
  • Add the next step, unless you are done.

Watch me build this simple phishing flow from scratch in under 5 minutes in the video embedded here:


Are you ready to start automating? We do office hours every week to help you get started automating your playbooks. Book a demo here and ask to schedule a working session if you are ready to start automating some playbooks.
