Customizations

A customization is a tool within the playbook toolkit that can act upon, supplement or contain data. Customizations include functions, message destinations, tasks, notes, artifacts, and scripts.

The Orchestration & Automation has a number of customizations that you can use to create your playbook:

Incident Types. Allows you to classify the various types of incidents your team will address.
Phases. Defines each stage of an incident response, essentially capturing the general intent of the response action.
Tasks. Defines all the tasks that may need to be performed by end users, such as an analyst or incident responder. Tasks can be in the form of a set of instructions or advisories or an action that a responder selects.
Layouts. Layouts visually present the incident.
Fields and Data Tables. Fields capture data points for analysis review and to produce metrics. Data tables capture and organize field values in a spreadsheet table format.
Scripts. Allows you to implement more complex business logic using Python. Scripts can be triggered by playbooks, rules or workflows.
Functions. A Resilient object that sends data to a remote function processor through a message destination. The function processor performs an activity then returns the results.
Workflows. Graphically designed set of activities that allows you to create a complex set of operations.
Rules. Define a set of activities that are triggered when conditions are met. An activity is an operation that the rule executes when the appropriate conditions are satisfied.