Multi-Environment Orchestration: Executing Playbook Apps Through a Firewall
  • 18 Mar 2024


Overview

Multi-environment orchestration allows ThreatConnect® users that have an Environment Server behind a firewall to use their instance to communicate with that server and run Playbook Apps and Services inside their firewall.

Note
System Administrators should refer to the “Multi-Environment Orchestration” section of ThreatConnect System Administration Guide for instructions on how to create an Environment in a ThreatConnect instance. Organization Administrators should refer to Playbook Environments for instructions on how to activate an Environment, download an Environment Server, configure an Environment Server to an Environment, and administer the Environment from within ThreatConnect.

Before You Start

Minimum Role(s)
  • System role of Administrator (for creating new Environments; enabling remote execution for Apps and Services; and creating and configuring, viewing, and administering Services on the ThreatConnect instance)
  • Organization role of Organization Administrator (for activating Playbook Environments; configuring Environment Servers to Environments; and creating, viewing, and administering Services in your own Organization)
  • Organization role of Standard User (for creating, editing, activating, and de-activating Playbooks)
Prerequisites
  • An Environment in your Organization that has been configured to an Environment Server
  • Remote execution enabled for the external Playbook Apps and Services that are to be run inside the firewall

Enabling Remote Execution for an App

System Administrators can follow these steps to enable remote execution for an App on the TC Exchange™ Settings screen:

  1. Log into ThreatConnect with a System Administrator account.
  2. On the top navigation bar, hover over Settings and select TC Exchange Settings. The Installed tab of the TC Exchange Settings screen will be displayed.
  3. Locate the desired App and click the vertical ellipsis in the Options column. A menu will be displayed.
  4. Toggle on the Allow Remote Execution slider in the menu.

Configuring Remote Execution for a Playbook App

  1. On the top navigation bar, click Playbooks. The Playbooks screen will be displayed.
  2. Create a new Playbook or open an existing one.
  3. Click the Menu icon at the upper-right corner of the Playbook App to verify whether remote execution is enabled for it, as detailed in the “Enabling Remote Execution for an App” section. If an Environment option is displayed (Figure 1), then remote execution is enabled.
  4. Select Environment from the menu displayed in Figure 1. A window like Figure 2 will be displayed for the App.
    • Remote Environment: Select the Environment from which the App is to be executed.
    • Click the SAVE button.

The Environment icon will now be displayed at the upper-left corner of the App. Hovering over the Environment icon will display the selected remote Environment from which the App is to be executed (Figure 3).

After the Playbook executes, Apps that executed remotely will be displayed in the Execution Graph pane on the Executions screen with the Environment icon at the upper-left corner of the App, and the remote Environment will be listed in the Execution Details pane on the Executions screen (Figure 4).

Configuring Remote Execution for a Service

  1. Log into ThreatConnect with an Organization Administrator or System Administrator account.
  2. On the top navigation bar, hover over Playbooks, and select Services. The Services tab of the Playbooks screen will be displayed.
  3. Create a new Playbook Service or open an existing one.
  4. Click the vertical ellipsis to the right of the desired Service and select Environment. The Environment window for that Service will be displayed (Figure 5).
    Note
    For Organization Administrators, the vertical ellipsis will be displayed only for Services that they or another Organization Administrator in their Organization created.

    • Select the Environment from which the Service is to be executed.
    • Click the SAVE button.

Service Triggers that have been configured for remote execution will display an Environment icon at the upper-left corner of the Trigger when it is added to the Playbook Designer (Figure 6).

ThreatConnect® is a registered trademark, and TC Exchange™ is a trademark, of ThreatConnect, Inc.

20064-01 v.06.A

