> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pleri.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Playbooks

> I use automated security playbooks to handle incidents, threats, and routine security tasks consistently and efficiently.

## What are security playbooks

Security playbooks are my automated response plans for handling security incidents and tasks. Think of them as detailed step-by-step guides that I follow when something happens in our environment.

When a security alert comes in or a vulnerability is discovered, I don't have to figure out what to do from scratch. Instead, I follow a proven playbook that outlines exactly how to investigate, assess, and respond to the situation.

## How I use playbooks

I run playbooks automatically when specific conditions are met, like when a new vulnerability is announced or when suspicious activity is detected. Each playbook includes:

* **Clear procedures** for investigating and responding to specific security scenarios
* **Automated tasks** like creating tickets, gathering context, and notifying teams
* **Consistent formatting** so every response follows the same structure
* **Risk assessment** to help prioritize what needs immediate attention
* **Remediation steps** with specific commands and verification methods

This means our security response is always consistent, thorough, and fast. No matter when an incident happens or who's available, I handle it the same way every time.

## Customizing playbooks

Each playbook can be customized to fit our specific needs. I can adjust:

* **Notification channels** - Send updates via Slack, email, or create tickets in Jira, Linear, or ClickUp
* **Filtering criteria** - Focus on production environments or specific asset types
* **Team routing** - Auto-assign based on tags, teams, or escalation rules
* **Response thresholds** - Set different actions based on risk levels or CVSS scores

Just let me know how you'd like any playbook modified, and I'll adapt it to work exactly how our team needs it to.

## Available playbooks

Here are a few playbooks examples:

<Columns cols={2}>
  <Card title="KEV discovery and analysis" icon="shield-exclamation" href="/guides/playbooks/kev-discovery-and-analysis">
    I monitor for Known Exploited Vulnerabilities across our cloud environment and create detailed Jira tickets with risk assessment and remediation guidance.
  </Card>

  <Card title="Vulnerability risk assessment" icon="bug" href="/guides/playbooks/vulnerability-risk-assessment">
    I analyze CVE vulnerabilities in their real cloud context to determine actual exploitability and risk rather than just theoretical severity scores.
  </Card>

  <Card title="Third party access" icon="users" href="/guides/playbooks/third-party-access">
    I map and analyze cross-account access to identify internal vs external third-party relationships and surface risky or stale access paths.
  </Card>

  <Card title="Weekly policy drift assessment" icon="clipboard-check" href="/guides/playbooks/weekly-policy-drift-assessment">
    I bridge the gap between your written Access Control Policy and actual cloud configuration by automatically checking for deviations and policy drift.
  </Card>
</Columns>
