Skip to main content
Skip table of contents

My Second Playbook

LAST UPDATED: JAN 8, 2025

Event playbooks (now preprocessing playbooks) are used to automate preparatory tasks—deduplicating, enriching, filtering, and performing correlation—essential for enabling deeper analysis and subsequent incident response activities.

Creating a New Event Playbook

Frame 10.png

  1. Click on the Configuration navigational link.

  2. Click on the Event Playbook icon.

  3. Select the +Playbook button.

Frame 19 (13)-20241128-031447.png

  1. Enter a name for the playbook.

  2. Click on the OK button.

The system automatically redirects you to the newly created playbook, allowing you to begin building your workflow.

image-20241128-012033.png

Adding Playbook Tasks

  1. Drag and drop a Data Formatter task onto the On Event Ingestion trigger.

    Animation drag data formatter.gif

  2. Enter a name for this playbook task to enable easy identification

    Animation rename data formatter.gif

  3. Drag a Create Incident Command task onto the previous Data Formatter.

    Animation drag command.gif

    1. Click on the Command task within the task menu to render the command selection modal.

    2. Click on the Utility Commands tab.

    3. Type Create Incident within the search field.

    4. Drag the Create Incident task outside the command selection modal, then onto the Data Formatter task.

  4. Click on the newly added Create Incident command task to render its configuration pop-up, for simplicity, we configured the first five input parameters as example.

    Frame 23.png

Implementing Workflows in the Playbook

Within the playbook, users can design and build workflows tailored to specific requirements by using drag-and-drop tasks from the task menu.

Using the Task Menu

Exploring Task Options

  1. Hover over a task in the bottom task menu to preview its name and description.

  2. Click the three-dot icon to view additional tasks that are not immediately visible.

Animation show menu bar.gif

Managing the Task Menu

  • To hide the task menu, click on the arrow button at the bottom.

  • To unhide the task menu, click on the arrow button again.

Animation.gif
Additional Information on Task Types

ADDITIONAL RESOURCES

For first-time users, it is recommended to begin with simpler tasks like the Command Task and gradually explore advanced tasks like REST API Task or Merge Task to understand their capabilities.

CAUTION

Avoid building workflows with unnecessary or redundant tasks, as this can impact system performance. Use only the tasks that align with your workflow requirements.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close