‎Playbooks

Breadcrumbs

Breadcrumbs indicate the user's location within the platform and allow navigation to previous pages or modules by clicking the corresponding breadcrumb.

Concurrent Users

All users currently viewing or editing this playbook are displayed here by their initials.

Playbook Controls

This section displays the playbook's current view mode ( or ) and includes buttons for:

• Viewing the or status of the playbook

• Saving drafts without submitting

• Submitting a newer playbook (and rendering it live)

• Publishing the playbook to select sites

• Removing the playbook from all select sites

• Configuring user permissions

  • Viewer: Can test run the playbook; view the task configurations; view, clone, and export draft submissions; view command references; and access the playbook execution log

  • Editor: Includes all Viewer permissions, with additional capabilities to manage trigger visibility, configure tasks, save drafts, submit drafts, restore submissions, and delete the playbook.

  • Owner: Includes all Editor permissions, with additional capabilities to configure user permissions.

• Performing version history (all submissions) actions

  • Viewing submissions

  • Cloning submissions

  • Restoring submissions (overwrites the current draft)

  • Exporting submissions

Administrative Actions

Clicking on the vertical ellipsis button presents the following actions:

• Clone Playbook: Duplicates the current playbook under a new name, useful for testing variations

• Replace Playbook: Prompts the user to upload an XML file of another playbook, replacing all tasks beyond the root node.

• Delete Playbook: Deletes the playbook from the system

• View Execution Logs: Shows the playbook’s execution log

• Command References: Lists all integration commands and custom utility commands used in this D3 playbook (or utility command).

The editor visually represents all tasks in the playbook and their relationships, providing an overview of the workflow structure and includes a secondary action bar:

Feature	Description
Search	Highlights matching playbook nodes and displays the total count, helping users locate relevant tasks.
Show/Hide Overview	Toggles the visibility of the playbook overview.
Zoom In/Zoom Out	Allows zooming in and out of the playbook editor.
Zoom to Fit	Adjusts the view to display the entire playbook within the frame.
Export	Downloads a snapshot of the playbook ( or ) as a PNG file.
Refresh	Helps verify whether (queued tasks), (running tasks), or (pending tasks) are truly still in progress.
Organize Nodes	Organizes playbook nodes to improve readability. HEADS-UP Reorganizing the nodes means overwriting the current layout.
Show Local Shared Data	JSON data specific to a single playbook, shared among all tasks within that playbook. READER NOTE Run the Add Root Key for Local Shared Data command to add a JSON object.
Trigger Output Data	The JSON data—initially generated behind the scenes during field mapping and refined in the On Event Ingestion preprocessing workflow—that contain all necessary information to create a D3 event and determine whether to escalate or dismiss it.
Test Run	Opens a popover to test run the playbook. Preprocessing Playbook Testing Data - An upcoming ingestion that will not result in the creation of an event. Existing Event - An existing D3 event in its newly normalized form, as if it had just passed the Data Source node, ready for preprocessing. Investigation Playbook Test Trigger: Uses an incident (optional for the On Playbook Start / On Playbook Task Error triggers) to test particular triggers.
Stop Test Run	Terminates a playbook test run, clearing all execution progress and statuses.

See Playbook Execution History.

The task menu allows users to add tasks to the playbook editor.

Preprocessing Playbook Task Menu

Investigation Playbook Task Menu

READER NOTE

For a comprehensive list of playbook tasks and usage examples, refer to Playbook Tasks.

See Playbook Library.