Customize your playbook to extract indicators, extend context, add incident fields, filter and transform data, run scripts, and perform triggered actions, sub-playbook loops, and polling.
You can customize your playbook to do the following.
Custom action | Description |
---|---|
Sub-playbooks are playbooks that are nested under other playbooks. | |
Filters extract relevant data to help focus on relevant information and discard irrelevant or unnecessary data. Transformers take one value and transform or render it to another value or format. | |
Perform specific automated actions using commands which are also used in playbook tasks and in the War Room. Configure script error handling. | |
Extract indicators from alert fields and enrich them using commands and scripts defined for the indicator type. | |
Save additional data from the raw response of commands that return data. | |
Use the setAlert script to set and update all system alert fields. | |
Create conditions so if an alert with specific characteristics is created, a suitable response is issued via a playbook. | |
Configure a playbook to stop and wait for a process to complete on a third-party product, and continue when it is done. |