Task 1. Choose from out-of-the-box playbooks or customize your own - Use an out-of-the-box playbook, create a new playbook, or customize an existing one based on your organization's needs. - Administrator Guide - 8.5 - Cortex XSOAR - Cortex - Security Operations

Search for an out-of-the-box playbook

Search for a playbook that is included out-of-the-box with Cortex XSOAR or after downloading from Marketplace.

In the Cortex XSOAR Playbooks page, use free text in the search box to search for playbooks. You can search using part or all of the playbooks' names or description. You can also search for an exact match of the playbook name by putting quotation marks around the search text. For example, searching for "Block Account - Generic" returns the playbook with that name.

Search for more than one exact match by including the logical operator "or" in-between your search texts in quotation marks. For example, searching for "Block Account - Generic" or "NGFW Scan" returns the two playbooks with those names. Wildcards are not supported in free text search.

Customize an out-of-the-box playbook

When installing a playbook from a content pack, by default, the playbook is attached, which means that it is not editable (apart from some input values).

To edit the playbook, you need to detach or make a duplicate. While it is detached, the playbook is not updated by the content pack. This may be useful when you want to update the playbook without breaking customization. If you want to update the playbook type through content pack updates, you need to reattach the playbook, but any changes are overridden by the content pack on upgrade. If you open an attached playbook in a tab, it can be detached from within the editor page.

If you want to keep the changes, duplicate the playbook before reattaching it.