Today’s cybersecurity landscape has distributed teams, analysts working remotely, and ever-evolving threats. In such a scenario, it is critical for security tools to have versioning control. The ability to revert to an older version of a response playbook provides a necessary fail safe; complete source and personnel tracking improves transparency and team coordination; finally, having robust version logs also helps with due diligence requirements.
Being cognizant of how important versioning is, Demisto v3.0 is now fully versioning and rollback capable. Let’s take a quick look at the new versioning control feature in Demisto’s roster.
When you’re working on a playbook, there are two methods of saving it. You can save it normally (with the save icon button) and have it overwrite the previous version automatically. Or you can save the playbook as a version by clicking the ‘Save Version’ button: quite preferable when you want other team-members to see the playbook’s evolution trail as well as if you want a safety net in case there are any mishaps with later playbook versions.
The snapshot below shows how to save a playbook version:
You can view a log of a particular playbook’s versions along with explanatory comments as shown in the snapshot below:
If you want a higher-level view of how all playbooks have changed with time, it is possible to view the version history of all playbooks as shown below:
An important thing to note – both for a particular playbook and across all playbooks – is the wide range of information the respective logs display. As the screenshot below shows, you can view the playbook name and attached comments, the playbook version’s status (modify, delete, and so on), the date and time stamp, and the user details of whoever changed that playbook version. You can also restore the playbook to any previously modified version and restore a deleted playbook from this window.
You can almost think of this as multiple save files for your favorite video game, each save file denoting the level you reached, difficulty level, and other salient details. If you get stuck on a particular run-through, just load another file!
Other Versioning Capabilities
Apart from playbooks, versioning capabilities have also been built-in for automation scripts and custom third-party integrations in Demisto v3.0. The feature works and looks exactly the same as it does for playbooks, allowing you to save versions, view version details, and restore previous versions if required.
Here’s a snapshot of how you can view the version history for an automation script:
A few other versioning functionalities to consider:
- Markdown is supported while writing version comments. This allows you to write and format rich text, tables, headers, images, and links into your version history.
- Whenever you get a Demisto content update, you can restore this content to a previous version from the version history dialog box.
We hope you found this breakdown of Demisto v3.0’s versioning capabilities helpful. If you’re interested to know more, we invite you to view the video walk-through on our YouTube channel. If you are a Demisto customer, you can also visit the release notes on the Demisto Support portal.
If you are new to Demisto and interested in exploring the platform further, we invite you to sign-up for the Demisto Community Edition. All Demisto v3.0 features are available with full functionality in the Community Edition.