Overview of cases - Understand how cases work in Cortex XDR. - Administrator Guide - Cortex XDR - Cortex - Security Operations

Playbooks: This component (under Investigation & Response → Automations) must be set to Enabled first. Role-level permissions determine your ability to create new playbooks or edit those marked as Public. Specific access to individual custom playbooks and scripts is managed at the object level. For detailed information on the access model, see Access to playbooks.

Cases and Issues: Once Playbooks are enabled, you can set Cases and Issues (under Cases & Issues) to View or View/Edit. This is also required to view the results of playbooks executed within a case.