Playbook task fields

Cortex XSIAM Playbook Design Guide

Product: Cortex XSIAM
Creation date: 2023-05-29
Last date published: 2024-09-01
Category: Playbook Design Guide
Abstract: All of the fields available when defining a playbook task in Cortex XSIAM.

This page lists all of the fields that are available when defining a playbook task. The fields that appear depend on the task type you select.

Manual task settings fields

These fields are relevant for Standard tasks and Conditional Manual tasks.

Name

Description

Default assignee

Assign an owner to this task.

Only the assignee can complete the task

Stop the playbook from proceeding until the task assignee completes the task. By default, in addition to the task assignee, the default administrator can also complete the blocked task. You can also block tasks until a user with an external email address completes the task.

Task SLA

Set the SLA in weeks, days, hours, and minutes.

Set task Reminder at

Set a reminder for the task in weeks, days, hours, and minutes.

Choose a script to run in the playbook

From the drop-down list, select a script for the playbook to run. In the following tabs you can set:

Advanced field

This field is relevant for Standard tasks that use a script and Conditional tasks (Ask tasks and scripts).

Name

Description

Quiet Mode

Whether this task uses the playbook default setting for Quiet Mode. When in Quiet Mode, tasks do not display inputs and outputs, nor do they extract indicators. Errors and warnings are still documented. You can turn Quiet Mode on or off for a given task, or let Quiet Mode be controlled by what is defined at the playbook level.

Details fields

These fields apply to all tasks.

Name

Description

Tag the result with

Add a tag to the task result. You can use the tag to filter entries in the War Room.

Task description (Markdown supported)

Provide a description of what this task achieves.

You can enter objects from the context data in the description. For example, in a communication task, you can use the recipient’s email address.

The value for the object is based on what appears in the context every time the task runs.

Message body fields

These fields are relevant for Data Collection and Ask tasks.

Field

Description

Ask by

The method for sending the message and survey. Options are:

  • Task (can always be completed directly in the workplan)

  • Generated link (appears in the context data)

  • Email

To

The message and survey recipients. There are several ways to define the recipients.

Email address: Manually type email addresses for users and/or external users.

Context: Click the context icon to define recipients from context data.

CC of the email

A CC email address.

Subject of the email

The message subject that displays to message recipients. You can make the survey question the subject, but if you don't write the question here, you should write the question in the message body field.

Message body

The text that displays in the body of the message. Although this field is optional, if you don't write the survey question in the Subject field, you should include it in the message body. This is a long-text field.

Questions fields

Relevant for Data Collection tasks.

Stand-alone questions

Field

Description

Web Survey Title

The title displayed for the web survey.

Short Description

A description displayed above the questions on the web survey.

Question

A question to ask recipients.

Answer Type

The field type for the answer field. Options are:

  • Short text

  • Long text

  • Number

  • Single Select (requires you to define a reply option)

  • Multi select/Array (requires you to define a reply option)

  • Date picker

  • Attachments

Mandatory

If this checkbox is selected for a question, survey recipients will not be able to submit the survey until they answer this question.

Reply Options

Survey response options. Default values: Yes, No.

Set "First option is default" to make the first reply option the default response.

Help Message

The message that displays when users hover over the question mark help button for the survey question.

Timers field

This field is relevant for a Standard task and a Conditional task.

The configuration option in the Timers tab defines the trigger that starts, stops, or pauses sending the message and survey to recipients.

Field

Description

Timer.start

The trigger for starting to send the message and survey to recipients. You can change this trigger or add a trigger for Timer.stop or Timer.pause.

Select the trigger timer field from the drop-down list.

Timing fields

These fields are relevant for a Conditional Ask task and a Data Collection task.

The configuration options in the Timing tab define how often the message and survey are resent to recipients before the first response is received.

Field

Description

Retry interval (minutes)

Determine the wait time between each execution of a command. For example, how often (in minutes) a message and survey are resent to recipients before the response is received.

Number of retries

Determine how many times a command attempts to run before generating an error. For example, the maximum number of times a message is sent. If a reply is received, no additional retry messages will be sent.

Complete and expire automatically if (Data Collection task)

Configure either of the following options. Either one triggers a stop to the playbook:

  1. Reached task SLA (with or without a reply)

  2. Received X number of replies

Complete automatically if SLA passed without a reply (Ask task)

Select this checkbox to complete the task if the SLA is breached before a reply is received. You can select yes or no.

On error

These fields are relevant for Standard tasks that use a script and Conditional tasks (Ask tasks and scripts). They configure how the task behaves if there is an error.

Field

Description

Number of retries

How many times the task should retry running if there is an error. Default is 0.

Retry interval (seconds)

How long to wait between retries. Default is 30 seconds.

Error handling

How the task should behave if there is an error. Options are:

  • Stop

  • Continue

  • Continue on error path(s)

    This option configures the task to handle potential errors that may occur when executing the current task's script.