All of the fields available when defining a playbook task in Cortex XSOAR.
The following are the available fields when defining a playbook task. The fields that appear depend on the task type you select.
Manual Task Settings Fields
These fields are relevant for Standard tasks and Condition Manual tasks.
Name | Description |
---|---|
Default assignee | Assign an owner to this task. |
Only the assignee can complete the task | Stop the playbook from proceeding until the task assignee completes the task. By default, in addition to the task assignee, the default administrator can also complete the blocked task. You can also block tasks until a user with an external email address completes the task. |
Set task reminder | Define a reminder for the task, in weeks, days, or hours. |
Field Mapping
Map output from a playbook task directly to an incident field. You can map when you select an automation in a Standard or Conditional task.
Note
The output value is dynamic and is derived from the context at the time that the task is processed. As a result, parallel tasks that are based on the same output, might return inconsistent results.
In the Mapping tab, click Add custom output mapping.
Under Outputs, select the output parameter whose output you want to map. Click the curly brackets to see a list of the output parameters available from the automation.
Under Field to fill, select the field that you want to populate with the output.
Click Save.
Advanced Fields
Relevant for Standard Tasks that use an automation and Conditional tasks (Ask Tasks and automations).
Name | Description |
---|---|
Using | Determine which integration instance processes the script you select for this task. |
Extend context | Determine which information from the raw JSON you want to add to the Context Data. This must be entered as contextKey=RawJsonOutputPath. |
Ignore outputs | When selected, this takes the results from the Extend context field and overwrites existing output. |
Execution timeout (seconds) | Defines how long a command waits, in seconds, before it times out. |
Number of retries | Determines how many times the script attempts to run before generating an error. Default is 100 times. To change the default, add the following server configuration ( → → ):
|
Retry interval (seconds) | Determines the wait time (in seconds) between each execution of the script. Default is 800 seconds. To change the default, add the following server configuration ( → → ):
|
Indicator Extraction Mode | Determines whether to extract indicators from this task, and if so, which method. Valid values are:
Out of band: Indicators are enriched in parallel (or asynchronously) to other actions. The enriched data is available within the incident, however, it is not available for immediate use in task inputs or outputs since the information is not available in real time. |
Mark results as note | Select to make the task results available as a note. Notes are viewable in the War Room. |
Mark results as evidence | Select to make the task results available as evidence. Evidence is viewable in the War Room. |
Run without a worker | Select to execute this task without requiring a worker. When cleared, this task will only execute when there is a worker available. |
Skip this branch if this automation/playbook is unavailable | Select to enable the playbook to continue executing if an instance of the automation, playbook, or sub-playbook is not available. |
Quiet Mode | Determine if this task operates in Quiet Mode. When in Quiet Mode, tasks do not display inputs and outputs, nor do they extract indicators. Errors and Warnings are still documented. You can determine to turn Quiet Mode on or off for a given task or control Quiet Mode by what is defined at the playbook level. |
Details Fields
These fields apply to all tasks.
Name | Description |
---|---|
Tag the result with | Add a tag to the task result. You can use the tag to filter entries in the War Room. |
Task Description (Markdown supported) | Provide a description of what this task achieves. You can enter objects from the context data in the description. For example, in a communication task, you can use the recipient’s email address. The value for the object is based on what appears in the context every time the task runs. |
Timer Fields
Relevant for all fields.
Name | Descriptions |
---|---|
Start | Determine which action to take when the timer is triggered. Valid values are: Start, Stop, and Pause. |
Select timer field | Select the field on which the timer is applied. |
Message Body Fields
These fields are relevant for Data Collection and Ask tasks.
Field | Description |
---|---|
Ask by | The method for sending the message and survey. If you deselect Email, the Task Only method is enforced, meaning users can complete the survey from the Work Plan. |
To | The message and survey recipients. There are several ways to define the recipients. User role: Click inside the field to select a user role. All users assigned to the role will receive the message and survey. Email address: Manually type email addresses for Cortex XSOAR users and/or external users. Context: Click the context icon to define recipients from context data. |
Subject | The message subject that displays to message recipients. You can make the survey question the subject, but if you don't write the question here, you should write the question in the message body field. |
Message body/Message | The text that displays in the body of the message. Although this field is optional, if you don't write the survey question in the Subject field, you should include it in the message body. This is a long-text field. |
Reply Options | The answers that display in the message, which users can select directly from the message. |
Require users to authenticate | Enables you to use SAML or AD to authenticate the recipient before answering. You must set up an authentication automation. For more information about SAML see SAML 2.0. |
Set task reminder | The schedule, in weeks, days, or hours, to resend the message and survey to recipients before. |
Timing Fields
These fields are relevant for a Condition Ask task and a Data Collection task.
The configuration options in the Timing tab define the frequency that the message and survey are resent to recipients before the first response is received, and the task SLA.
Field | Description |
---|---|
Retry interval (minutes) | Determine the wait time between each execution of a command. For example, the frequency (in minutes) that a message and survey are resent to recipients before the response is received. |
Number of retries | Determine how many times a command attempts to run before generating an error. For example, the maximum number of times a message is sent. If a reply is received, no additional retry messages will be sent. |
Task SLA | Define the deadline for the task, in weeks, days, or hours. |
Complete and expire automatically if (Data Collection task) | Choose to configure either of the following options, so that either one will trigger a stop to the playbook:
|
Complete automatically if SLA passed without a reply (Ask task) | Select this checkbox to complete the task if the SLA is breached before a reply is received. You can select yes or no. |
Question Fields
Relevant for Data Collection tasks.
Stand-alone Questions
Field | Description |
---|---|
Question | A question to ask recipients. |
Answer Type | The field type for the answer field. Valid values are:
|
Mandatory | If this checkbox is selected for a question, survey recipients will not be able to submit the survey until they answer this question. |
Help Message | The message that displays when users hover over the question mark help button for the survey question. |
Placeholder | The empty value text that displays in the question's answer field. |
Field-based Questions
Field | Description |
---|---|
Question | The question that displays before the field for users to complete. This field doesn't necessarily need to be a question, it can also be a descriptive sentence explaining how users should complete the field. |
Field associated with this question | The field associated with the question will automatically take all the parameters from the field definition, unless otherwise defined. |
Mandatory | If this checkbox is selected for a question, survey recipients will not be able to submit the survey until they answer this question. |
Help Message | The message that displays when users hover over the question mark help button for the survey question. |