Authors
Ibrahim Abubaker; Majdi Owda; Amani Yousef Owda
Conference
2024 4th International Conference of Science and Information Technology in Smart Administration (ICSINTESA)
Location
Balikpapan, Indonesia
Abstract

Many systems operating in a computer data center environment are extremely sensitive because of the importance of the services they provide. It is crucial to keep them in constant operation without service disruption and to satisfy the CIA triad of security (confidentiality, integrity, and availability). Security event logs are correlated in real time from multiple channels (SIEM agents, IDS, IPS, antivirus, or any other security feeder) into a single monitoring dashboard, yet the dashboard still shows the incidents on each device separately. The gap in previous models is that there are no unified measures across the chain of security devices. This study seeks to provide the best level of security for the systems and programs operating in data centers, which write logs of all events for auditing and information security purposes. A novel procedural security model, grounded in the playbook framework, is introduced for implementation within the feeder chain. The playbook concept ensures that all systems share an orchestration workflow that allows their rules to act in harmony with one another. After applying the new model, we observed a 0.35 increase for the IDS as a whole and a decrease in false positives compared to the previous IDS/IPS.