Obtain playbook metadata - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-04-18
Category
Administrator Guide
Abstract

Analyze Cortex XSIAM playbook metadata for troubleshooting custom playbooks. getInvPlaybookMetaData command

You can analyze playbook metadata such as tasks input and output, the amount of storage each task input/output uses, and the type of task. This is useful when troubleshooting your custom playbook if your system has slowed down and is using high CPU usage, memory, or storage (disk space).

After an incident has been assigned to a playbook you can analyze it to see its tasks inputs/outputs storage. You can filter the data according to the KB used in each task input/output.

  • From the Incidents page, in the Incident War Room , run the following command.

    !getInvPlaybookMetaData incidentId=<incident ID> minSize=<size of the data you want to return in KB. Default is 10>

    For example, to view the playbook metadata that is used in incident number 964, type !getInvPlaybookMetaData incidentid=”964” minSize=”0”.