# Playbooks The dashboard integrates with the correlation rules, providing management of responses to security incidents. Through a paginated list, the dashboard allows for the addition, editing, deletion, and activation of playbooks in an intuitive and organized manner. The ability to activate or deactivate playbooks as needed ensures that responses to incidents are prompt.

*** ## Creating a Playbook ### Identification * **Nome:** Must be descriptive, clearly reflecting the purpose and scope of the playbook. * **Visibilidade:** 1. **DEFAULT:** This category includes general use playbooks. They are designed to be applicable in a wide range of scenarios and companies. 2. **ADVANCED:** Playbooks in this category are customized for the specific needs of a company. They are detailed and focused on particular scenarios, reflecting the policies, infrastructure, and specific security risks of the company.

*** ### Phases of Incident Response It is possible to manage treatment steps for each of the incident response phases, as outlined by the most renowned market frameworks, with the possibility of assigning the responsibility of the stage to the MSP or the company. The stages are: 1. **Preparation:** Prepare the incident response team to efficiently deal with potential threats. (E.g., Team training, creation and updating of documentation). 2. **Identification:** The first active response stage, where the veracity of the incident is determined. Detailed analysis to confirm whether the incident is a false positive or a real threat. 3. **Containment:** Implemented only if the incident is confirmed. Execute measures to prevent the spread of the threat (e.g., isolation of systems or network segmentation). 4. **Eradication:** Identify and eliminate the root cause of the incident (e.g., Removal of malware, correction of vulnerabilities, and strengthening of security controls). 5. **Recovery:** Take the necessary measures to return the environment to normal operation (e.g., Verification of system integrity, data restoration from backups, and post-recovery monitoring).

*** ### Lessons Learned Reserved space to describe strategies in the post-incident analysis to identify improvements in the playbook and security practices.

*** ### Comments Space for the security team to leave notes and important observations about the playbook.

*** ### Versioning Space to document the revision with each update of the playbook, providing a detailed history and an audit trail. {% hint style="danger" %} Whenever the playbook is updated, it is necessary to provide a description of the new version. {% endhint %}

*** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.inopli.com/response/rules/playbooks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.