// THREAT DETECTION AND DATA PRIVACY TERM
Runbook
A runbook is a detailed set of step-by-step instructions that guides a security team through the process of responding to a specific type of cybersecurity incident. It's like a recipe for handling a known threat, ensuring a consistent and efficient response.
TECHNICAL DEFINITION
A runbook in cybersecurity is a prescriptive collection of procedures and automated workflows used by Security Operations Center (SOC) analysts and Incident Response (IR) teams to address a specific security event or alert. These operational guides detail the sequential steps for threat detection, containment, eradication, and recovery, with decision points at which the next step depends on what earlier steps found. They are often encoded in Security Orchestration, Automation, and Response (SOAR) platforms, which execute the steps against integrated tools (mail gateways, EDR, identity providers) to streamline responses to incidents such as malware infections or phishing attacks.
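The structure described above (ordered steps, a decision point, containment and eradication actions, and a record of what was done) is easiest to see as code. The following is an added example written for this entry, not code from any SOAR product named on this page: a minimal runbook engine that runs a phishing-triage runbook over a constructed alert. The threat-intel set, the alert fields, and the step and function names are all assumptions chosen for illustration. It goes slightly beyond the definition in one respect a practitioner would want: the eradication step (credential reset) is gated behind explicit analyst approval, so the engine pauses there and can be resumed once the approval is granted.

```python
"""Added example: a phishing-triage runbook as ordered steps run by a small engine
with a decision branch, an approval gate, and an audit trail. Constructed data."""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Optional
from urllib.parse import urlparse


@dataclass
class Alert:
    alert_id: str
    sender: str
    url: str
    recipient: str


@dataclass
class Context:
    alert: Alert
    facts: Dict[str, object] = field(default_factory=dict)
    actions: List[str] = field(default_factory=list)  # response actions taken
    audit: List[str] = field(default_factory=list)    # every step entered, in order
    status: str = "open"


@dataclass
class Step:
    name: str
    run: Callable[[Context], Optional[str]]  # returns next step name, "end", or None (fall through)
    requires_approval: bool = False          # gate for actions an analyst must sign off on


# Constructed stand-in for a threat-intel lookup (assumption, not real indicators).
KNOWN_BAD_DOMAINS = {"login-secure-update.example", "acct-verify.example"}


def enrich(ctx: Context) -> Optional[str]:
    """Detection/analysis: extract indicators from the alert and check them."""
    sender_domain = ctx.alert.sender.rsplit("@", 1)[-1].lower()
    url_host = (urlparse(ctx.alert.url).hostname or "").lower()
    ctx.facts.update(sender_domain=sender_domain, url_host=url_host)
    ctx.facts["malicious"] = bool({sender_domain, url_host} & KNOWN_BAD_DOMAINS)
    return None


def decide(ctx: Context) -> Optional[str]:
    """Decision point: branch on the enrichment result."""
    return "contain" if ctx.facts["malicious"] else "close_benign"


def contain(ctx: Context) -> Optional[str]:
    """Containment: reversible actions that can run without approval."""
    ctx.actions.append(f"quarantine_message:{ctx.alert.alert_id}")
    ctx.actions.append(f"block_domain:{ctx.facts['url_host']}")
    return None


def eradicate(ctx: Context) -> Optional[str]:
    """Eradication: user-impacting action, gated by requires_approval below."""
    ctx.actions.append(f"reset_credentials:{ctx.alert.recipient}")
    return None


def close_contained(ctx: Context) -> Optional[str]:
    ctx.status = "closed_contained"
    return "end"


def close_benign(ctx: Context) -> Optional[str]:
    ctx.status = "closed_benign"
    return "end"


PHISHING_RUNBOOK: List[Step] = [
    Step("enrich", enrich),
    Step("decide", decide),
    Step("contain", contain),
    Step("eradicate", eradicate, requires_approval=True),
    Step("close_contained", close_contained),
    Step("close_benign", close_benign),
]


def execute(steps: List[Step], ctx: Context, start: str = "enrich",
            approvals: FrozenSet[str] = frozenset()) -> Context:
    """Run steps from `start`; pause at an unapproved gate; refuse to loop."""
    index = {s.name: i for i, s in enumerate(steps)}
    i = index[start]
    seen = set()
    while i < len(steps):
        step = steps[i]
        if step.name in seen:
            raise RuntimeError(f"runbook loop at step {step.name}")
        seen.add(step.name)
        if step.requires_approval and step.name not in approvals:
            ctx.status = f"awaiting_approval:{step.name}"
            return ctx  # resume later with execute(..., start=step.name, approvals={...})
        ctx.audit.append(step.name)
        nxt = step.run(ctx)
        if nxt == "end":
            break
        i = index[nxt] if nxt else i + 1
    return ctx


if __name__ == "__main__":
    # Constructed alert (assumption): sender and landing page share a known-bad domain.
    alert = Alert("A-1", "helpdesk@acct-verify.example",
                  "https://acct-verify.example/login", "alice@corp.example")
    ctx = execute(PHISHING_RUNBOOK, Context(alert))
    print(ctx.status, ctx.actions)
    ctx = execute(PHISHING_RUNBOOK, ctx, start="eradicate", approvals=frozenset({"eradicate"}))
    print(ctx.status, ctx.actions, ctx.audit)
```

The point of the approval gate is that a runbook automates what is safe to automate (quarantine, block) and stops for a human before an action that is hard to undo or that affects a user; the audit list is what lets the analyst, and later the post-incident review, reconstruct exactly which steps ran and in what order.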
SYNONYMS & ALIASES
- playbook
- incident response plan
- standard operating procedure
- SOP
- response workflow
- action plan
USAGE NOTE
Many vendors use "playbook" for what this entry calls a runbook, so in practice the two terms are frequently interchangeable. Where a distinction is drawn, a runbook is the tactical, step-by-step and often automatable procedure for one alert type, a playbook outlines the broader decision-level strategy for a class of incidents, and an incident response plan is the organization-wide policy under which both sit; an SOP is the generic operations term for the same kind of prescriptive procedure.
DEVELOPERS
Organizations developing technology related to runbooks.
- Developer of Cortex XSOAR, a leading Security Orchestration, Automation, and Response (SOAR) platform that uses customizable playbooks (a term often used for runbooks) to automate and standardize incident response processes.
- Offers Splunk SOAR, which automates security tasks by executing playbooks in response to security events. These runbooks integrate with hundreds of third-party tools to orchestrate response actions across the security infrastructure.
- Provides IBM Security QRadar SOAR, an incident response platform that uses dynamic and codeless playbooks to guide analysts, automate tasks, and orchestrate complex response workflows for cyber threats.
- Develops Microsoft Sentinel, a cloud-native SIEM and SOAR solution. It uses automation rules and playbooks, built on Azure Logic Apps, to execute predefined runbooks for automated threat response.
- Creates InsightConnect, its security orchestration and automation solution. It allows teams to build automated workflows, which function as runbooks, to connect tools and streamline repetitive tasks without extensive coding.
- Offers a Security Operations (SecOps) platform that uses automated workflows and runbooks to manage and respond to security incidents, integrating security response with broader IT service management processes.
- A no-code automation platform designed specifically for security teams. The entire platform is focused on allowing users to build and automate complex workflows and runbooks for any security or operational task.
- Offers Chronicle SOAR (formerly Siemplify) as part of its security operations suite. The platform uses playbook-driven automation to orchestrate and manage the entire incident response lifecycle.
- A pure-play security automation company that provides a low-code platform for creating and managing runbooks. Their technology is designed to adapt to any security process and integrate with a wide array of tools.