Task 3. Add objects from the Task Library - Using the Task Library, add Quick Actions, scripts and commands, sub-playbooks, and tasks to customize or create a new playbook. - Administrator Guide

Task 3. Add objects from the Task Library - Using the Task Library, add Quick Actions, scripts and commands, sub-playbooks, and tasks to customize or create a new playbook. - Administrator Guide - Cortex CLOUD

Cortex Cloud Runtime Security Documentation

Product

Cortex Cloud Application Security > Cortex CLOUD

License

Cloud Runtime Security

Creation date

2024-12-24

Last date published

2026-06-10

Task Library Object	Action	Possible task types	See More
AI Prompts	Add tasks containing a natural language AI prompt with inputs and outputs that interact with the Cortex Cloud built-in LLM as part of your automation.	AI Prompt	See topic.
Commands & Scripts	Add commands and scripts from integrations that you configure instances for as needed.	Standard task Conditional task	See topic.
Playbooks	Add sub-playbooks to your playbook from your Org repository or from the Playbooks Catalog.	Not relevant	See topic.
Manual Tasks	Add tasks from playbooks in your Org repository.	Standard task Conditional task Data collection task Section Header task	See topic.
Header	Add section headers to organize your playbook.	Section Header task	See topic.
Blank Task	Create a new task from scratch.	Standard task Conditional task Data collection task Section Header task	See topic.

Playbook task types

Playbooks have different task types for each action you want to take. When you add an object from the Task Library, you associate it with a task type in the Task Details pane.

The possible task types are:

Task type	Description
Standard	Standard tasks can be configured to prompt for a response, such as prompting an analyst to verify the severity or classification of an issue before proceeding with automated actions. They can also be automated tasks such as parsing a file or enriching indicators. Automated tasks are based on scripts that exist in the system. These scripts can be created by you or come out-of-the-box as part of a content pack. For example, the `!ad-get-user` command retrieves detailed information about a user account using the Active Directory Query V2 integration. You can also automatically remediate an issue by interacting with a third-party integration, open tickets in a ticketing system such as Jira, or detonate a file using a sandbox.
AI Prompt	AI tasks use natural language prompts to interact with the Cortex Cloud built-in LLM. You provide the inputs and the LLM generates the outputs. AI tasks enable your playbook to perform complex analysis, generate reports, create emails, and generate responses dynamically.
Conditional	Conditional tasks validate conditions based on values or parameters and take appropriate direction in the playbook workflow, like a decision tree in a flow chart. For example, a conditional task may ask whether indicators are found. If yes, you can have a task to enrich them, and if not you can proceed to determine that the issue is not malicious. Alternatively, you can use conditional tasks to check if a certain integration is available and enabled in your system. If yes, you can use that integration to perform an action, and if not, you can continue on a different branch in the decision tree. Conditional tasks can also be used to communicate with users through a single question survey, the answer to which determines how a playbook will proceed.
Data Collection	Data collection tasks interact with users through a survey, for example to collect responses or escalate an issue. All responses are collected and recorded in the issue context data, from a single user or multiple users. You can use the survey questions and answers as input for subsequent playbook tasks. You can collect responses in custom fields, for example, a grid field.
Section Header	Use a section header task to group related tasks to organize and manage the flow of your playbook. For example, in a phishing playbook you would have a section for the investigative phase of the playbook such as indicator enrichment, and a section for communication tasks with the user who reported the phishing. You can easily navigate playbooks and focus on the parts you need to work on by collapsing and expanding playbook sections. Collapsing sections provides a condensed view of the playbook flow, reducing visual clutter and enabling quick access to specific sections. Expanding sections allows you to view or edit specific parts of a playbook while keeping the rest of the playbook compact and maintaining focus on the relevant playbook details. You can also hover over a section header to highlight all tasks under the section and easily identify the section scope.

Playbook task icons

The different playbook tasks appear in the playbook editor with unique logos to more easily identify the task type and origin, for example third-party integration commands, built-in scripts and tasks, and tasks requiring manual inputs.

Task	Description
	Standard manual task An arrow with a light blue square background indicates a standard manual task. The following are kinds of standard tasks. Manual Standard task (no lightning bolt script logo): These tasks are used where usually it's not possible to automate them. You can add comments, assign them to an owner, and set a due date. The analyst who is responsible for the investigation needs to complete the task before the playbook can continue running. A user icon ( ) indicates the task requires manual inputs. Automated Standard task (with lightning bolt script logo): A single command or script that is set to automatically run when the playbook execution reaches this step. Some scripts need arguments in order to run - make sure to set them up properly. If left empty, the analyst who is responsible for the investigation will need to complete them so the script will run and the playbook can continue its execution. Automated Standard task (with Builtin logo): A single system command or script that is set to automatically run when the playbook execution reaches this step. Some scripts need arguments in order to run - make sure to set them up properly. If left empty, the analyst who is responsible for the investigation will need to complete them so the script will run and the playbook can continue its execution. Automated Standard task (with Multi Command logo): A generic single command or script that can be used with multiple integrations is set to automatically run when the playbook reaches this step. Some scripts need arguments in order to run - make sure to set them up properly. If left empty, the analyst who is responsible for the investigation will need to complete them so the script will run and the playbook can continue its execution.
	Conditional task A diamond icon in a purple square background indicates a conditional task used as a decision tree in your playbook. The following are kinds of conditional tasks. Manual conditional task. A user icon ( ) indicates the task requires manual input. Automated conditional task (with the lightning bolt script logo). Automated conditional task that uses a system script (with the Builtin logo).
	Data collection task / Communication task The speech bubble in a turquoise background indicates a data collection task. This task prompts the receivers to respond to a multi-question form and submit replies, even if they are not Cortex users. A user icon ( ) indicates the task requires manual input.
	Sub-playbook task The workflow icon in a blue background indicates that the task is a playbook nested within the parent playbook. You can view the playbook by opening the task and selecting Open sub-playbook. The red warning icon indicates the sub-playbook is not ready to use. Open it to review the errors.
	Task containing an error Scripts or sub-playbooks that have errors are designated by a red triangle. You need to open the script or sub-playbook to review the errors.
	Task containing a deprecated script or needs to be updated Scripts or sub-playbooks that have updates or are deprecated are designated by a yellow triangle. You need to update the scripts, integration commands, or sub-playbook tasks to their most current version.
	Set to skip For the debugger, when a task is set to skip, the skip icon will be orange.
	Breakpoint For the debugger, when the playbook reaches a breakpoint, the task has an orange line at the top to indicate the breakpoint.
	Overridden inputs or outputs For the debugger, when a task is set to have overridden inputs or outputs, the word Input or Output appears in orange.
	Pending/in queue task When the playbook starts to run, all tasks that are about to be performed are grayed out.
	Running/ in progress task A spinning circle inside the gray square indicates a running/in progress task.
	Completed task The green square indicates a completed task.
	Waiting task The orange square indicates that the task is pending action. If you hover over the icon in the top left corner, details about the reason the task is in waiting mode appear. The user icon ( ) indicates the task requires you to open it and manually mark it as complete. A speech bubble icon () indicates the task is waiting for a questionnaire to be completed.
	Failed task The red warning icon indicates that the automation failed to complete as expected and requires manual inspection and troubleshooting. Contact your Cortex Cloud administrator. If you hover on the icon in the top left corner, details about the specific problem appear. If a red warning icon is paired with the clock icon (), the task’s SLA is overdue.
	Skipped task The task will look faded to indicate it was not executed. This can happen if this task was set to be skipped when an error occurs, or if it is in a branch that was not executed if a condition wasn’t met.