Playbook Canvas
The Playbooks interface, which is commonly referred to as Playbook canvas, uses the general flowchart algorithms to design a Playbook. The Playbook canvas offers an easy-to-use Playbook canvas to help you build logical workflows for your orchestration needs. Before creating a new Playbook, you must get familiar with the interface and the general flowchart elements supported by Playbooks . Define your workflow in this canvas with various nodes and other elements using a simple drag-and-drop facility.
Playbook Workflow Elements
The following flowchart elements are available as components or nodes to define your Playbook workflow:
Element | Image | Function | |||
Terminator |
| Represents the start of a Playbook workflow. | |||
Process | Playbook Action Node
App Action Node
Custom Action Node
| Represents an instruction or an action being carried out in the Playbook workflow. | |||
Arrows |
| Indicates the flow of a Playbook workflow. | |||
Decision | Condition Regular Node
Condition Custom Node
| Splits the Playbook workflow into multiple branches based on user set conditions. The first image represents a regular condition node. Use this node to add a list of conditions in the UI to define the way the Playbook branches. The second image represents a custom condition node. Use this node to add a customized Python script to define the way the Playbook branches. | |||
Input/Output |
| Allows you to enter the data or fetch data using dynamic expressions. | |||
Memory Node |
| Allows you to store data from the Playbook workflow and utilize it for other nodes as input data |
Playbook Actions
The following are some of the primary and basic actions that you can perform with Playbooks. You can also perform various other advanced actions on Playbooks.
Creating a Playbook: You can create a new custom Playbook from scratch based on the security operations needs. You must have Create Playbooks permissions to access and create new Playbooks.
Test Playbook Instance: Once you have created the Playbook sequence, it is important to test the connectivity of the Playbook instance before executing it. You can test the connectivity of a single instance or all available instances for a Playbook.
Executing a Playbook: You can manually run a Playbook or schedule the Playbook to run automatically when triggered by an event.
Viewing Run Logs: Run logs help you analyze the execution details of a Playbook, especially the run details for each node that is defined in the Playbook workflow. You can take a look at the Run Logs for any debugging purpose.
Advanced Playbook Actions
In addition to the above actions, you can also perform the following actions on Playbooks:
Action | Description |
Import Playbook | You can import a Playbook from the Playbook Store or a custom Playbook in JSON format. |
Edit Playbook | Edit the details of an existing Playbook by selecting a Playbook, and clicking Edit. |
View Playbook Details | View the details of the Playbook in a table or a grid view. |
Follow Playbook | Click the bookmark icon to bookmark or follow a Playbook to receive notifications specific to that Playbook for any update made or success/failed execution information. |
Search Playbook | Search for any Playbook using the Search Playbooks option on the Manage Playbooks listing page. |
Export Playbooks | Export Playbooks in JSON or PNG format to your local. The Playbooks can be exported and then recovered back in case of a corrupt Playbook. |
Sort Playbooks | Sort Playbooks in ascending or descending order. |
Filter Playbooks | Filter Playbooks based on status (active/inactive), schedule, bookmark status, or created by fields. |
View Associated Playbooks | View associated Master and Sub Playbooks from both the grid and table view. |
Terminate Playbook | Terminate a Playbook while running to abort the execution of the remaining tasks. |
View Activity Logs | View all the activity logs for a specific Playbook. |
Playbook Inputs | While defining a node in the Playbook sequence, the input for the node can either be specified manually or can be retrieved from the output of another node (action, condition, input, and memory) or from any source event data. The input data to be fetched can be specified using dynamic paths. |