Mastering Playbook Templates in FortiAnalyzer

Questions and Answers

Which of the following is true about playbook templates in FortiAnalyzer?

Playbooks created from templates cannot be customized

Playbooks created from templates can only perform specific tasks

Playbooks created from templates can be customized to fit your needs (correct)

Playbooks created from templates can only be customized by SOC analysts

How can you create a new playbook from a template in FortiAnalyzer?

Click New, then Template

Click Playbook, then Create New (correct)

Click New, then Playbook

Click Template, then Create New

What can you do to customize a playbook created from a template in FortiAnalyzer?

You can only remove tasks from the playbook

You can only add tasks to the playbook

You can remove or customize tasks to meet your needs (correct)

You can only configure the trigger of the playbook

What is required for a report to be run as a task in a playbook in FortiAnalyzer?

All of the above

Which of the following tasks can be performed using playbook templates in FortiAnalyzer?

All of the above

What happens when a playbook is triggered in FortiAnalyzer?

All of the above

What is the purpose of customizing playbook settings in FortiAnalyzer?

To add or remove tasks to meet your needs

What is the first step to create a new playbook from a template in FortiAnalyzer?

Click Playbook

What is automatically populated in the playbook designer when creating a new playbook from a template in FortiAnalyzer?

The tasks

What is the purpose of running a report as a task in a playbook in FortiAnalyzer?

To attach the report to the incident

Which of the following is the recommended action for distinguishing between different playbooks in FortiAnalyzer?

Edit the names and descriptions of the new playbooks

How can you add new tasks to a playbook in FortiAnalyzer?

Click and drag the connector tabs attached to the current tasks or the trigger

What must you do after creating a new playbook in FortiAnalyzer?

Save the changes

What can you do if none of the templates serve your needs in FortiAnalyzer?

Create a playbook from scratch

What is the purpose of output variables in FortiAnalyzer playbooks?

To use the output from a preceding task as an input to the current task

What is the format of an output variable in FortiAnalyzer playbooks?

S{task_id.output}

What is the purpose of trigger variables in FortiAnalyzer playbooks?

To use information from the trigger of a playbook

What is the format of a trigger variable in FortiAnalyzer playbooks?

${trigger.variable}

What is the purpose of adding filters to a playbook in FortiAnalyzer?

To reduce the processing of unneeded data

What can cause a newly created playbook in FortiAnalyzer to fail to run?

FortiAnalyzer needing a few minutes to parse it

Study Notes

Playbook Templates in FortiAnalyzer

• FortiAnalyzer allows users to create new playbooks from templates
• Users can customize playbooks created from templates
• Report files are required to run as tasks in playbooks
• Tasks that can be performed using playbook templates include creating reports, sending notifications, and triggering alerts
• When triggered, playbooks execute tasks in sequence, pausing if necessary, until completion
• Customizing playbook settings enables the alignment of playbooks with specific needs
• The first step in creating a new playbook is to select a template
• Selecting a template in FortiAnalyzer automatically populates the playbook designer
• Running reports as tasks in playbooks enables the automation of repetitive tasks
• To distinguish between playbooks, users should assign unique names and descriptions
• New tasks can be added to playbooks by dragging and dropping task icons
• After creating a playbook, review and test it to ensure it meets requirements
• If none of the templates serve your needs, users can create a new playbook from scratch
• Output variables enable the reuse of data within playbooks
• Output variables are formatted as $variable_name
• Trigger variables initiate playbook execution upon detection of specific events
• Trigger variables are formatted as %variable_name
• Adding filters to playbooks enables users to specify which data to include or exclude
• Failure to configure triggers or tasks properly can cause a newly created playbook to fail to run

Description

Test your knowledge on creating playbooks from templates in FortiAnalyzer. Learn how to customize playbook templates to fit your needs and perform tasks such as investigating compromised host incidents and critical intrusion incidents.