Spaces:
Sleeping
Sleeping
File size: 639 Bytes
ddd9009 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
def run_playbook(alert):
action = alert.get("Action", "").lower()
ip = alert.get("Source IP", "Unknown")
if "block ip" in action:
return f"🔒 Simulated: Blocking IP {ip} in firewall"
elif "quarantine" in action:
return f"🛡️ Simulated: Quarantining host {ip} via EDR"
elif "escalate" in action or "alert" in action:
return f"📢 Simulated: Escalating alert for {ip} to Tier-2 SOC"
elif "no action" in action or "benign" in action:
return f"✅ Simulated: No action needed for {ip}"
else:
return f"⚙️ Simulated: Generic action executed for {ip}"
|