Playbook designer

A dynamic playbook is the set of rules, conditions, business logic, workflows and tasks used to respond to a case/incident. The IBM Security Orchestration & Automation application updates the response automatically as the case or incident progresses and is modified.

A playbook designer customizes the playbook in Orchestration & Automation so that it implements the group’s response plan.

Orchestration & Automation provides a variety of tools to help you design and implement your playbook. The coordinated application of all of these features makes dynamic playbooks a powerful tool for accelerating the execution of methodical case/incident response processes and, ultimately, remediation of cases.

IBM recommends the following approach when designing a dynamic playbook.
  1. Categorize your events. Use the Incident Type feature to organize your events into categories.
  2. Map your response progression. Use the Phases feature.
  3. Define your manual intervention responses. Use the Tasks feature.
  4. Design the “look and feel,” including how you want to organize your data. Use the Incident Layouts, Fields, and Data Tables features.
  5. Define your decision-making process. Use the Rules, Workflows, and Scripts features.
  6. Automate information gathering, decision making and responses. Use Functions, Custom Actions and various integration options.
  7. Test your playbook. Use the Simulations feature to test.

The following sections take a closer look at each major feature you use to design your playbook.