Planning approach

Good planning makes playbook performance far more efficient and effective.

The following approach is recommended when designing a playbook.
  1. Categorize your events. Use the Incident Type feature to organize your events into categories.
  2. Map your response progression. Use the Phases features.
  3. Define your manual intervention responses. Use the Tasks feature.
  4. Design the “look and feel,” including how you want to organize your data. Use the Incident Layouts, Fields, and Data Tables features.
  5. Define your decision-making process. Use the Playbooks and Scripts features. For those use cases not covered by Playbooks, use Rules, Workflows and Scripts instead.
  6. Automate information gathering and decision making. Use Threat Services and Functions features, and deploy apps appropriate for your environment.
  7. Test your playbook.