Use playbooks to automate analyst workflows in
Create a playbook in to automate security workflows so that analysts can spend more time performing analysis and investigation. The playbook editor provides a visual platform for creating playbooks without having to write code.
To define a workflow that you want to automate, link together a series of actions that are provided by apps. An app is third-party software integrated with . For example, you can integrate MaxMind as an app, which provides a geolocate ip action, or integrate Okta as app to provide actions such as set password or enable user. The actions available for use in your playbooks are determined by the apps integrated with .
After you create and save a playbook in , you can run playbooks when performing these tasks in :
- Triaging or investigating cases as an analyst
- Creating or adding a case to Investigation
- Configuring playbooks to run automatically directly from the playbook editor
The playbook editor has a minimum supported screen size of 1200px.
| Choose between playbooks and classic playbooks in |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.0.1
Download manual
Feedback submitted, thanks!