Customize your playbook to extract indicators, extend context, add incident fields, filter and transform data, run scripts, and perform triggered actions, sub-playbook loops, and polling.
You can customize your playbook to do the following.
Custom action | Description |
---|---|
Customize the name of the SOC that appears in the survey header. | |
Sub-playbooks are playbooks that are nested under other playbooks. | |
Filters extract relevant data to help focus on relevant information and discard irrelevant or unnecessary data. Transformers take one value and transform or render it to another value or format. | |
Perform specific automated actions using commands which are also used in playbook tasks and in the War Room. Configure script error handling. | |
Extract indicators from incident fields and enrich them using commands and scripts defined for the indicator type. | |
Save additional data from the raw response of commands that return data. | |
Use the setIncident script in a playbook task to set and update incident fields. | |
Configure a playbook to stop and wait for a process to complete on a third-party product, and continue when it is done. |