Playbook development checklist

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-10-13
Category
Administrator Guide
Abstract

Follow the playbook development flow to create playbooks that structure and automate many of your security processes.

The playbook development checklist follows the logical flow for developing a playbook.

[Figure: playbook development flow]

We recommend that you review the following steps to successfully implement your playbook.

| Step | Details | See More |
|---|---|---|
| Step 1. Plan your playbook | During the initial planning stage, when designing your use case, start defining the playbook flow. Consider the process you want to automate and the steps and decisions within that process. These steps and decisions become the playbook tasks. | See topic |
| Step 2. Develop your playbook | Consider whether to customize an existing playbook or create a new playbook from scratch. Create playbook tasks, inputs, and outputs. Maintain playbook versioning to keep track of playbook development history. | See topic |
| Step 3. Customize your playbook | Fine-tune your playbook for your needs, including extracting indicators, extending context, and adding incident fields to the system. | See topic |
| Step 4. Debug your playbook | Debug errors in your playbook. Use playbook metadata to troubleshoot playbook performance. | See topic |