Alert Playbooks Tab
The Playbooks tab is displayed when a Playbook is attached to an Alert. When you click a Playbook in this tab, the Playbook Summary appears in a side drawer.
The summary shows the following information:
- Playbook Name and Status
- Pending Actions - Waiting for User Input: If the Playbook is waiting for the security engineer to do something, this will be displayed prominently at the top of the Playbook Summary. In addition, a Push notification will be sent to the relevant user letting them know that the Playbook is waiting for them.
- Time and Length of Playbook Run
- Integrations: list of Integrations being used by this Playbook. When you click an integration, the specific step is marked in the playbook viewer so that the analyst can easily find the step that they want to focus on.
- Playbook Flow: each step that was run with its status and step result.
- Errors: any errors will be listed here. If an error caused the playbook to stop, it will be highlighted at the top of the summary; if it was skipped, it will be at the bottom. You can also choose to rerun the Action or Playbook from here.
You can also click on any of the Playbook steps to see information relating to that step only in the side drawer.
The following actions are available at the top right of the Alert Playbooks tab.
From left to right:
- Refresh
- Jump to Case Wall: takes you to the Case Wall directly from the Alert Playbooks tab.
- Plus: Add a new Playbook. Here you can choose which Playbook to add to the case.