Best Practices - Administrator Guide - 6.11 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.11
Creation date
2022-12-12
Last date published
2024-04-15
Category
Administrator Guide
Abstract

Best practices for working with playbooks.

We recommend the following practices to ensure your playbooks run optimally.

Use the Use Case Builder to Define Your Use Case

The Use Case Builder content pack helps you streamline the use case design process, including building your playbook. It contains tools to help you measure and track use cases through your automation journey and quickly autogenerate OOTB playbooks and custom workflows.

For a detailed example of designing and building a use case, watch this video series.

Use Quiet Mode

Run playbooks in quiet mode to reduce the incident size and execute playbooks faster. For playbooks running in jobs, indicator enrichment should be done in quiet mode.

Limit Indicator Extraction

When configuring your integration, set indicator extraction to none and extract indicators only in specific tasks where required.

Break up Large Playbooks into Sub-Playbooks

If a playbook has more than thirty tasks, break the tasks into multiple sub-playbooks. Sub-playbooks can be reused, are easier to manage when upgrading, and make the main playbook easier to follow.

Update Automations

Update automations and integration commands in playbook tasks to their most current version. Automations that have updates are designated by a yellow triangle.

[Image: xsoar8-update-automation.png]

Note

When an automation is deprecated, it is not removed from Cortex XSOAR, and playbooks that use it do not stop running with an error.

Remove Unused Playbook Tasks

For production playbooks, remove playbook tasks that are not connected to the playbook workflow.
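The thresholds above (more than thirty tasks, tasks not connected to the workflow, quiet mode) can be checked before a playbook is promoted to production. The following is an added example, not part of this guide or the product: it audits a playbook export that has already been parsed into a dict (for example with yaml.safe_load), and assumes the export uses the `starttaskid`, `tasks`, `nexttasks` and `quiet` keys; the sample playbook is constructed for illustration.

```python
from collections import deque

MAX_TASKS = 30  # guide's threshold: split playbooks with more than thirty tasks


def reachable_tasks(playbook: dict) -> set:
    """Return the ids of tasks reachable from starttaskid by following nexttasks edges."""
    tasks = playbook.get("tasks", {})
    seen, queue = set(), deque([playbook["starttaskid"]])
    while queue:
        tid = queue.popleft()
        if tid in seen or tid not in tasks:
            continue
        seen.add(tid)
        # nexttasks maps a branch label ("#none#", "yes", "#default#", ...) to a list of task ids
        for branch in tasks[tid].get("nexttasks", {}).values():
            queue.extend(branch)
    return seen


def audit_playbook(playbook: dict) -> dict:
    """Flag playbooks that are too large, carry disconnected tasks, or do not run in quiet mode."""
    tasks = playbook.get("tasks", {})
    reachable = reachable_tasks(playbook)
    return {
        "task_count": len(tasks),
        "too_large": len(tasks) > MAX_TASKS,
        "unreachable": sorted(set(tasks) - reachable),  # tasks not connected to the workflow
        "quiet_mode": bool(playbook.get("quiet", False)),
    }


# Constructed sample export (assumed layout); task "4" is not connected to the workflow.
SAMPLE_PLAYBOOK = {
    "id": "example-playbook",
    "starttaskid": "0",
    "quiet": False,
    "tasks": {
        "0": {"type": "start", "nexttasks": {"#none#": ["1"]}},
        "1": {"type": "regular", "task": {"scriptName": "ExampleEnrich"}, "nexttasks": {"#none#": ["2"]}},
        "2": {"type": "condition", "nexttasks": {"yes": ["3"], "#default#": []}},
        "3": {"type": "title"},
        "4": {"type": "regular", "task": {"scriptName": "OrphanedStep"}},
    },
}

if __name__ == "__main__":
    print(audit_playbook(SAMPLE_PLAYBOOK))
```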

Optimize Parallel Automation Runs

When an automation runs, a worker is used. The number of configured workers determines the maximum number of automations that can run in parallel. By default, the number of workers on a Cortex XSOAR instance is 4 x the number of CPU cores. For example, for 8 CPU cores, there are 32 configured workers.

Tip

Check worker status using the /workers/status/ endpoint. For example, https://example.demisto/workers/status.