Playbooks - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR playbooks enable you to organize and document security monitoring, orchestration, and response activities.

Playbooks are at the heart of the Cortex XSOAR system, and enable you to automate many security processes, including handling investigations and managing tickets. You can structure and automate security responses that were previously handled manually. For example, you can use playbook tasks to parse the information in the incident, whether it is an email or a PDF attachment. You can interact with users in your organization using communication tasks, or remediate an incident by interacting with a third-party integration.

Playbooks have a different task type for each kind of action you want to take. Manual tasks are used where an analyst needs to confirm information or escalate an incident. Conditional tasks, optionally combined with a loop, check whether certain information is present before the investigation proceeds. Playbook tasks can also open tickets in a ticketing system such as Jira, detonate a file in a sandbox, and so on.