Playbook designer

A playbook is the set of tools, conditions, business logic, flows and tasks used to respond to security events and threats in a Security Orchestration, Automation, and Response (SOAR) environment.

For the purposes of building a playbook, a SOAR environment is defined as follows:
  • Orchestration: An environment where security tools and solutions can work together to detect, respond to, and remediate security events and threats.
  • Automation: Detection of and response to events and threats without human intervention. This includes updating the response as the event progresses and changes.
  • Response: Embedded, methodical processes to respond to and remediate events and threats.

IBM® Security QRadar SOAR accepts data entered manually or programmatically. You then use the various playbook tools to evaluate and process the data, determine results, and perform remediation. This can include interaction with other security programs and assigning users to do manual tasks. The playbook tools include playbooks, conditions, scripts, functions, rules, workflows and tasks. In addition, you can use fields, data tables and artifacts to contain data, and phases and reports to track progress.

IBM Security QRadar SOAR can contain various playbooks, each of which you design. A playbook runs when the conditions that you define are met. A condition is a change to an instance of the object type selected in the playbook.

If you are using apps, refer also to Orchestration & Automation Apps.