Security playbook

Sqreen provides you with built-in playbooks to help you get started as fast as possible.

You can also create your own, based on custom events (tracked via our SDK) or the ones Sqreen automatically tracks based on your apps' traffic.

Visit your Sqreen dashboard to get started.

What's a security playbook?

A playbook is made of 3 elements:

  1. A trigger.
  2. Security response(s).
  3. Notifications.



The playbook's trigger represents the conditions for the plugin to raise an alert.

The trigger is made of:

  • An event (built-in or custom) filtered by conditions (optional) to monitor.
  • A detection method (threshold only for now) to apply.
  • A period of time.
  • A type of actor (IP / user account).

Tracking events

Refer to your technology guide to learn how-to track your first custom events:

Finding the right threshold

When using the threshold based detection, it's often tricky to set the threshold to the right value.

Using the Event Explorer, you can quickly visualise the event trend and determine what an usual volume of activity represents for your use-case.


Security Response

security response

Sqreen libraries contains code to dynamically change your app behavior for supicious actors (IP and/or user accounts).

Security responses can be applied for a pre-defined duration (5 minutes to 24 hours).

You can always remove any live security response from your Sqreen dashboard.

By default critical IPs don't trigger on a playbook. A critical IP is an IP that is either private or coming from a public load balancer of the most famous cloud providers. This behavior can be changed with the setting Allow Playbooks to block attacks from critical IPs in your application settings

What blocked IP or user will see

Blocked IP or user visiting your application will see this page.

If you're willing to display a custom page instead, we recommand you to use the redirect security response.


Interested in customising this page? Contact us!



Whenever a live playbook triggers, Sqreen can notify you immediately by email or through Slack. See how to setup Slack in your account.