---
title: Recorded Future High Severity Playbook Alert
description: Datadog, the leading service for cloud-scale monitoring.
---

# Recorded Future High Severity Playbook Alert

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}

Classification: attack

## Goal{% #goal %}

Detect high-severity Recorded Future Playbook Alerts that are either new or newly promoted to high severity.

## Strategy{% #strategy %}

This rule monitors Recorded Future Playbook Alert events with `High` priority. It uses new value detection on `@metadata.playbook_alert_id` to generate a signal the first time each unique playbook alert is observed at that severity, avoiding duplicate signals when only minor changes are made to a playbook alert.
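
The following sketch models the new value logic described above on a handful of constructed events. It is an added example, not Datadog's rule implementation. Only `metadata.playbook_alert_id` comes from this page; the `priority` key, the timestamps, the sample IDs, and the `forget_after` window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events. Only metadata.playbook_alert_id is a field named
# on this page; the "priority" key, timestamps and IDs are assumptions.
EVENTS = [
    {"ts": "2024-05-01T10:00:00", "priority": "Moderate",
     "metadata": {"playbook_alert_id": "task:aaa"}},   # below threshold
    {"ts": "2024-05-01T11:00:00", "priority": "High",
     "metadata": {"playbook_alert_id": "task:bbb"}},   # new at High
    {"ts": "2024-05-01T12:00:00", "priority": "High",
     "metadata": {"playbook_alert_id": "task:bbb"}},   # minor update, same ID
    {"ts": "2024-05-02T09:00:00", "priority": "High",
     "metadata": {"playbook_alert_id": "task:aaa"}},   # promoted to High
    {"ts": "2024-05-02T09:30:00", "priority": "High",
     "metadata": {}},                                  # malformed, no ID
    {"ts": "2024-06-15T09:00:00", "priority": "High",
     "metadata": {"playbook_alert_id": "task:bbb"}},   # seen again after window
]


def new_value_signals(events, forget_after=timedelta(days=28)):
    """Return (timestamp, alert_id) for each High-priority event whose ID has
    not been seen at High priority, or was last seen more than forget_after
    ago (assumed window; the page does not state one)."""
    last_seen = {}   # alert_id -> datetime of most recent High event
    signals = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("priority") != "High":
            continue                      # rule only matches High priority
        alert_id = ev.get("metadata", {}).get("playbook_alert_id")
        if not alert_id:
            continue                      # nothing to group on, skip
        ts = datetime.fromisoformat(ev["ts"])
        prev = last_seen.get(alert_id)
        if prev is None or ts - prev > forget_after:
            signals.append((ev["ts"], alert_id))
        last_seen[alert_id] = ts          # updates refresh the last-seen time
    return signals


if __name__ == "__main__":
    for ts, alert_id in new_value_signals(EVENTS):
        print(f"{ts} signal for playbook alert {alert_id}")
```

The Moderate event for `task:aaa` produces nothing, so its later promotion to High is the first time that ID is seen by the rule and it signals then, while the repeated High update to `task:bbb` is suppressed.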

## Triage & Response{% #triage--response %}

1. Review the playbook alert ID `{{@metadata.playbook_alert_id}}`, and if necessary open the corresponding alert in the Recorded Future portal for full details.
1. Identify the specific playbook category (for example, identity intelligence, third-party risk, vulnerability intelligence) to understand the nature of the threat.
1. Determine the affected assets or entities in your organization referenced by the alert.
1. Escalate to the relevant team (security operations, vulnerability management, vendor risk) based on the playbook type.
