Runbook
Definition
A technical execution document. The term is sometimes used interchangeably with playbook, but more precisely it refers to the low-level commands and scripts used during a specific phase of response, such as the exact CLI commands to isolate a host. A playbook may reference one or more runbooks.
Related terms
- Decision gate
  - A checkpoint within a playbook at which the responder must evaluate a condition, such as whether data exfiltration has been confirmed, and...
- Indicators of compromise (IoCs)
  - Artefacts observed on a network or system that suggest an intrusion or malicious activity has occurred, such as unusual outbound connections, known-malicious...
- Playbook
  - A documented step-by-step procedure for responding to a specific type of security event. Playbooks standardise analyst behaviour, reduce response time, and ensure...
- SOAR
  - Security Orchestration, Automation and Response. A platform that can execute playbook steps automatically, such as blocking an IP address or disabling a...
- Tabletop exercise
  - A structured, discussion-based simulation in which team members walk through a hypothetical incident using the playbook as a guide, without touching live...
Explained in
- Developing and Using Incident Response Playbooks