Customize your playbook

Cortex XSOAR Cloud Documentation

Product: Cortex XSOAR
Version: 8
Creation date: 2024-03-07
Last date published: 2024-11-14
Category: Administrator Guide
Solution: Cloud

Abstract: Customize your playbook to extract indicators, extend context, add incident fields, filter and transform data, run scripts, and perform triggered actions, sub-playbook loops, and polling.

You can customize your playbook to do the following.

| Custom action | Description |
| --- | --- |
| Customize the SOC name | Customize the name of the SOC that appears in the survey header. |
| Add a sub-playbook | Sub-playbooks are playbooks that are nested under other playbooks. |
| Filter and transform data | Filters extract relevant data to help focus on relevant information and discard irrelevant or unnecessary data. Transformers take one value and transform or render it to another value or format. |
| Use scripts | Perform specific automated actions using commands which are also used in playbook tasks and in the War Room. Configure script error handling. |
| Extract indicators | Extract indicators from incident fields and enrich them using commands and scripts defined for the indicator type. |
| Extended context | Save additional data from the raw response of commands that return data. |
| Set and update incident fields | Use the setIncident script in a playbook task to set and update incident fields. |
| Use playbook polling | Configure a playbook to stop and wait for a process to complete on a third-party product, and continue when it is done. |