Use an out-of-the-box playbook, create a new playbook, or customize an existing one based on your organization's needs.
Customizing a playbook helps you automate tasks to match your needs, making workflows more efficient, accurate, and easier to integrate with your existing processes.
You can customize your playbook to do the following.
Custom action | Description |
|---|---|
Customize the name of the SOC that appears in the survey header. | |
Playbooks can be divided into two categories, depending on their use.
| |
Field mapping | You can map output from a playbook task directly to an incident field. This means that the value for an output key populates the specified field per incident. This is a good alternative to using a task with a set incident command. You can map when you select a script in a Standard or Conditional task. For more information, see Create a standard task. |
Filters extract relevant data to help focus on relevant information and discard irrelevant or unnecessary data. Transformers take one value and transform or render it to another value or format. | |
Perform specific automated actions using commands that are also used in playbook tasks and in the War Room. Configure script error handling. | |
Extract indicators from incident fields and enrich them using commands and scripts defined for the indicator type. | |
Save additional data from the raw response of commands that return data. | |
Use the setIncident script in a playbook task to set and update incident fields. | |
Configure a playbook to stop and wait for a process to complete on a third-party product, and continue when it is done. |