Automation is a way to carry out repeatable processes in your system with as little manual effort as possible. Automation frees up time and resources to focus on tasks that require your attention.
Automation in Security Center
Up to Security Center 5.13, we used the following features to handle automation:
- Event-to-actions
- Scheduled tasks
- Manual actions and hot actions
- Threat level activation and deactivation
Starting with Security Center 5.13, the capabilities of event-to-actions and scheduled tasks are combined into a single entity called automation. The new automation entity offers greater flexibility, efficiency, and functionality.
If you’ve upgraded from an older version of Security Center, the old automation features still work. We offer a tool for converting the event-to-actions and scheduled tasks into automation entities. This way, you can immediately benefit from the new functionality without having to start from scratch.
Key benefits of automation entities
- Multiple events can be combined to trigger automations:
  - Events can be combined using either AND or OR
  - Events can be required to occur a specific number of times within a set timeframe
  - Events can be required to occur in sequence within a set timeframe
- Conditional triggers based on event data
- Multiple response actions per automation
- Contextualized actions based on event data
- Inclusion or exclusion of multiple entities as event sources
- Greater control over when the automation can be triggered:
  - Earliest and latest dates
  - Active schedules and exception schedules
  - Conditional reactivation periods
- Organization of automations by folders and partitions
- Improved system deployment time
- Map objects for automations
Current limitations
- Automatic load distribution is not supported. Automations must be manually assigned to roles.
- Audit trails for automations currently only indicate that a change occurred. They do not specify what changes were made to triggers and responses.
- Invalid settings are not always detected. Be prudent when configuring automations.
The Automation feature is still evolving and will be refined and enhanced in future releases. While not yet complete, the current feature offering can dramatically improve how you automate in Security Center. More importantly, it lays the foundations for more complex and powerful capabilities.