Home
CMC
Administrator Guide
Information and resources about the Administration section of the Central Management Console (CMC), and the tasks that you can do in this part of the software.
Administration
Settings
Alert playbooks
Alert playbooks overview
An explanation of alert playbooks.

CMC
- Introduction
  An overview of the Central Management Console (CMC).
- Installation Guide
  Information and resources on how to install the Central Management Console (CMC), and the different options and settings available.
- Administrator Guide
  Information and resources about the Administration section of the Central Management Console (CMC), and the tasks that you can do in this part of the software.
  - Administration
    - Administration page
      The administration page lets a user with administrator privileges configure settings and do other tasks.
    - Settings
      - Security control panel
        The Security control panel page shows an overview of the current status of the learning process and lets you configure the features that manage the: learning, security profile, zones, alerts tuning, and alert closing options.
      - Features control panel
        The Features control panel page shows an overview of the current status of system features configuration and lets you fine tune specific values.
      - Users management
        The Users management page shows all the pages that you need to let you manage authentication and authorization policies for users and groups.
      - CLI
        The CLI page lets you change configuration parameters and perform troubleshooting activities.
      - Dashboards
        The Dashboards page lets you create and configure widget-based dashboards that provide information about your network. The dashboards created here will show on the Guardian home page, and give an overview of the monitored environment.
      - Threat Intelligence
        The Threat Intelligence page lets you manage packet rules, YARA rules, Sigma rules, structured threat information expression (STIX) indicators and vulnerabilities to provide detailed threat information.
      - Data model
        The Data model page lets you create a custom field to the Nodes (All-In-One CMC only) and Assets tables. A custom field lets you add information that might be relevant to your organization, and cannot be extracted from network traffic.
      - Data integration
      - Credentials manager
        The Credentials manager is a tool that lets you centralize the management of monitored endpoints to make it easier to create, delete, or update the credentials that are needed to access those endpoints.
      - Zone configurations
        The Zone configurations page shows all the zone configurations in your environment and lets you add new zone configurations and edit them.
      - Synchronization settings
        The Synchronization settings page lets you customize the parameters related to upstream or downstream machines.
      - Alert playbooks
        Alert playbooks overview
        An explanation of alert playbooks.
        Alert playbooks
        The Alert playbooks page shows a list of all the alert playbooks.
        Create an alert playbook
        You can use the Alert playbooks page to create a new alert playbook.
        Edit an alert playbook
        After an alert playbook has been created, you can edit the details.
        Delete an alert playbook
        You can use the Alert playbooks page to delete an alert playbook.
    - System
- User Guide
  Information and resources about the main features of the Central Management Console (CMC), and the tasks that you can do from the user interface (UI).
- Maintenance Guide
  Information about the maintenance tasks of Central Management Console (CMC), to help you administer and maintain the solution in a production environment.
- Print format documentation
  A list of all the print-format documentation that is available for the Central Management Console (CMC).

Alert playbooks overview

An explanation of alert playbooks.

Alert playbooks are a set of instructions that guide you on how to take the correct action when an alert is raised.

An alert playbook describes the actions, tasks and other guidelines that users should follow when an alert is raised. You use an alert rule to assign an alert playbook to a specific alert. When that type of alert is raised, the alert rule that matches will insert a copy of the alert playbook into the alert.

Alert rules can use different matching criteria to assign the same alert playbook to multiple different alerts types. For more details, see Configure an alert

Once an alert playbook is visible on a triggered alert (from the Alerts panel), you can modify it without affecting the original. This is typically used to add notes for the specific alert, or to mark completed actions.

Note: When you create an alert playbook, or an alert rule in Central Management Console (CMC)/Vantage, it will be propagated to all the connected sensors.