What are playbooks?
Think of playbooks as your tireless security team that works 24/7.
While your employees sleep, travel, or focus on strategic work, playbooks automatically:
- Notify relevant team members
- Close file permissions
- Delete third-party applications
- Keep detailed records of all security activities to show compliance
Like having a security guard who never sleeps, never misses a detail, and works for free after initial setup - playbooks transform security from a reactive, manual process into an automated system that protects your organisation around the clock.
How do playbooks work?
A playbook is a security workflow that consists of three core components.
1. Triggers & Exceptions ("When" & "Except with")
Playbooks activate when specific conditions are met, such as "when a Google Drive asset is shared externally".
Each trigger can have exceptions through an Allow-List, preventing the playbook from acting on approved cases.
2. Conditions ("And")
Additional criteria can refine when a playbook acts. For example, "Not accessed recently by object's owner" can be set to various timeframes (1-12 months), allowing you to target dormant files.
3. Actions ("Then")
Playbooks can perform two main types of actions:
- Notify: Alert team members about security issues
- Remediate: Automatically fix security issues (e.g., restricting sharing permissions) after a configurable delay (e.g., 2 weeks)
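The evaluation order described above (trigger, allow-list exception, condition, then notify or delayed remediation), as an added sketch that is not elba's code or API. The class names, the domain-based allow-list, the 30-day month and the sample assets are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Asset:                          # constructed model of a shared file
    name: str
    external_domains: set             # domains outside the organisation with access
    owner_last_access: datetime
    first_flagged: datetime           # when the playbook first matched this asset

@dataclass
class Playbook:                       # hypothetical model, not the product's schema
    state: str = "active"             # active | inactive | paused
    allow_list: frozenset = frozenset()   # assumed: approved external domains
    dormant_months: int = 6           # "not accessed recently" window, 1-12 months
    remediation_delay: timedelta = timedelta(weeks=2)

    def evaluate(self, asset: Asset, now: datetime) -> str:
        if self.state != "active":    # inactive and paused playbooks never act
            return "skip"
        # When: shared externally. Except with: allow-listed domains are ignored.
        unapproved = asset.external_domains - self.allow_list
        if not unapproved:
            return "skip"
        # And: owner has not accessed the asset within the window (month ~ 30 days).
        if now - asset.owner_last_access < timedelta(days=30 * self.dormant_months):
            return "skip"
        # Then: notify first, remediate only once the configured delay has elapsed.
        if now - asset.first_flagged >= self.remediation_delay:
            return "remediate"
        return "notify"

NOW = datetime(2024, 6, 1)
ASSETS = [  # constructed sample data
    Asset("roadmap.docx", {"partner.example"}, datetime(2023, 9, 1), datetime(2024, 5, 10)),
    Asset("pricing.xlsx", {"unknown.example"}, datetime(2023, 10, 1), datetime(2024, 5, 25)),
    Asset("contract.pdf", {"auditor.example"}, datetime(2023, 1, 1), datetime(2024, 4, 1)),
    Asset("notes.txt", {"unknown.example"}, datetime(2024, 5, 20), datetime(2024, 5, 1)),
    Asset("internal.md", set(), datetime(2023, 1, 1), datetime(2024, 4, 1)),
]

def run(playbook: Playbook, assets, now: datetime = NOW) -> dict:
    """Return the decision for every asset, keyed by asset name."""
    return {a.name: playbook.evaluate(a, now) for a in assets}

if __name__ == "__main__":
    for name, decision in run(Playbook(allow_list=frozenset({"auditor.example"})), ASSETS).items():
        print(f"{name}: {decision}")
```

Checking the exception before the condition means an allow-listed share is never notified or remediated, however dormant the file is.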
Playbook management & reporting
Playbooks operate in three states:
- Active: Running and performing configured actions
- Inactive: Not running but retains configuration
- Paused: Temporarily suspended
The platform tracks each playbook's impact through metrics:
- Number of issues detected
- Users notified
- Time saved through automation
Getting Started
- Connect a SaaS application (e.g., Google Drive)
- Run an initial security scan
- Choose from pre-configured playbook templates
- Configure conditions and delays based on your security needs
- Monitor the dashboard for security insights and playbook performance
elba provides a library of recommended playbooks based on common security scenarios, which can be customized to match specific organisational requirements.