Security playbook

Sqreen provides you with built-in playbooks to help you get started as fast as possible.

You can also create your own, based on custom events (tracked via our SDK) or the ones Sqreen automatically tracks based on your apps' traffic.

Visit your Sqreen dashboard to get started.

What's a security playbook?

A playbook is made of 3 elements:

  1. A trigger.
  2. Security response(s).
  3. Notifications.

Trigger

The playbook's trigger represents the conditions for the plugin to raise an alert.

The trigger is made of:

  • An event (built-in or custom) filtered by conditions (optional) to monitor.
  • A detection method (threshold only for now) to apply.
  • A period of time.
  • A type of actor (IP / user account).

Tracking events

Refer to your technology guide to learn how to track your first custom events.

Finding the right threshold

When using threshold-based detection, it's often tricky to set the threshold to the right value.

Using the Event Explorer, you can quickly visualise the event trend and determine what a usual volume of activity represents for your use case.
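The trigger elements listed above (event, conditions, threshold, period, actor type) and the threshold-tuning step can be sketched as follows. This is an added example, not Sqreen's code or schema: the `Trigger` class, the `scan` function, the `app.login_fail` event name and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

@dataclass
class Trigger:                      # hypothetical model, not Sqreen's schema
    event: str                      # event name to monitor
    actor_type: str                 # "ip" or "user"
    threshold: int                  # fire when the window count reaches this
    period: int                     # window length in seconds
    conditions: dict = field(default_factory=dict)  # optional property filters

    def matches(self, ev):
        props = ev.get("props", {})
        return (ev["name"] == self.event and self.actor_type in ev
                and all(props.get(k) == v for k, v in self.conditions.items()))

def scan(trigger, events):
    """Return (alerts, peaks): first trigger time and peak window count per actor."""
    windows, alerts, peaks = defaultdict(deque), {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not trigger.matches(ev):
            continue
        actor, win = ev[trigger.actor_type], windows[ev[trigger.actor_type]]
        win.append(ev["ts"])
        while win[0] <= ev["ts"] - trigger.period:   # drop events outside the period
            win.popleft()
        peaks[actor] = max(peaks.get(actor, 0), len(win))
        if len(win) >= trigger.threshold:
            alerts.setdefault(actor, ev["ts"])
    return alerts, peaks

def fail(ts, ip, reason="bad_password"):
    return {"ts": ts, "name": "app.login_fail", "ip": ip, "props": {"reason": reason}}

# Constructed sample events (documentation-range IPs).
EVENTS = (
    [fail(t, "198.51.100.20") for t in (0, 400, 900)]           # occasional typos
    + [fail(1000 + 10 * i, "203.0.113.7") for i in range(5)]    # burst: 5 in 40 s
    + [fail(1045, "203.0.113.7", reason="locked")]              # filtered by condition
    + [{"ts": 1050, "name": "app.login_ok", "ip": "198.51.100.20"}]
)

TRIGGER = Trigger("app.login_fail", "ip", threshold=5, period=300,
                  conditions={"reason": "bad_password"})

if __name__ == "__main__":
    alerts, peaks = scan(TRIGGER, EVENTS)
    print("peak count per actor in any window:", peaks)
    print("actors that reached the threshold:", alerts)
```

Comparing the `peaks` of ordinary actors with the threshold shows how much headroom normal activity has before the trigger fires.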

Security Response

Sqreen libraries contain code to dynamically change your app's behavior for suspicious actors (IP and/or user accounts).

Security responses can be applied for a pre-defined duration (5 minutes to 24 hours).

You can always remove any live security response from your Sqreen dashboard.

What a blocked IP or user will see

A blocked IP or user visiting your application will see this page.

If you want to display a custom page instead, we recommend using the redirect security response.

[Screenshot: blocked page]

Interested in customising this page? Contact us!

Notifications

Whenever a live playbook triggers, Sqreen can notify you immediately by email or through Slack. See how to set up Slack in your account.