Build and manage playbooks

The Playbook designer assists you in creating a playbook graphically based on your incident response or case management scenario.

If you are unfamiliar with Playbook designer, review the descriptions in Graphically designing playbooks with Playbook designer.

Before you create a playbook, define your goals, processes, conditions to start the playbook, and data flow. The instructions that are presented are for the mechanics of building a playbook, not the actual incident response process.

To access the Playbook designer, click Playbooks in the menu bar. The initial page provides a list of all the playbooks and their status.

To create a playbook, review the following topics.
You can manage playbooks as follows.
  • To edit a playbook, click the name of the playbook in the Playbooks page. Make any changes that are needed. When you save your changes, you might impact any running instances of the playbook. For example, if you change and save a script before the instance runs the script, the playbook uses the updated script. If needed, you can cancel any running instances.
  • To prevent a playbook from running, you can disable the playbook by setting the Enabled toggle to Disabled.
  • To delete a playbook, click its delete icon from the Playbooks page. You can also delete an open playbook by clicking the menu icon in the header and selecting Delete playbook. When you choose to delete playbook, you have a brief amount of time to undo the deletion. If you do not undo the deletion, any unfinished playbook executions are then canceled. If you choose to undo the deletion, any unfinished playbook executions continue to run.
  • You can export your playbooks for use with another SOAR Platform or import a playbook. For more information, see Exporting and importing playbooks.