Add ad-hoc tasks to a Work Plan in Cortex XSOAR, for a specific iteration of a playbook.
Within the Work Plan, you can create tasks for a specific iteration of a playbook. The task type can be an automation or another playbook. For example, within a manual task, you might need to enrich some data and run an investigation playbook.
When you create a task, add a name, automation, and description. The name and description should be meaningful so that the task corresponds to the data that you are collecting.
In the Work Plan, go to the task where you want to add and click the + sign at the bottom right-hand corner of the task.
The ad hoc task is added after the task on which you clicked.
Select the task type.
Standard: Runs a single automation.
Playbook: Runs a playbook to enhance the investigation.
The playbook functions as any playbook would and requires you to define the inputs and outputs, as well as any other details.
Click Save.
To run the Work Plan again, click the Run again icon.
An example use case could be where you have a phishing investigation and the initial playbook run has parsed the email and extracted several indicators, including some email addresses.
As part of the manual investigation, you could use the Email Address Enrichment - Generic v2.1 playbook as an ad hoc playbook task to get more information about these email addresses.