View the list of configured playbooks in Splunk Phantom
The playbooks list contains all your currently available Splunk Phantom playbooks and significant metadata about those playbooks. Use the playbooks list to sort, filter, and manage your playbooks.
To open the playbooks list, perform the following steps:
- From the main menu, select Playbooks.
- Click the Playbooks tab if it's not already open.
- (Optional) Use the search field to find specific playbooks. Searches are case-insensitive and partial-word matches are supported. This search does not support booleans, such as AND, NOT, or OR.
Use the buttons to reorder the playbooks on this page, configure source control, import playbooks, or create new playbooks:
|Set the order to run playbooks with a status of Active.
|Splunk Phantom stores playbooks in Git repositories. See Configure a source code repository for your playbooks in Administer Splunk Phantom. Click this button to open the Update from Source Control dialog.
|Manage source control settings. See Configure a source code repository for your Splunk Phantom playbooks in Administer Splunk Phantom.|
|Import a playbook that was exported from another instance of Splunk Phantom.
|Open the Visual Playbook Editor (VPE) to create a new playbook. SeeCreate a new playbook in Splunk Phantom using the visual playbook editor in Build Playbooks with the Visual Editor.|
Click the vertical ellipsis (⋮) icon to toggle the display of the available columns in the playbook list. Items marked with a check mark (✓) are displayed in the playbook list. When the space required to display the columns exceeds the width of the current window, a scroll bar appears at the bottom of the playbook list.
Edit, delete, export, or copy a playbook
Click the name of a playbook to open it in the Visual Playbook Editor. For more information, see Create a new playbook in Splunk Phantom using the visual playbook editor in Build Playbooks with the Visual Editor.
Check the checkbox next to the playbook name to select one or more playbooks. After playbooks are selected, you can perform the following actions:
|Edit||Set the properties of the selected playbooks, not the playbooks themselves. Set the status, logging mode, safe mode, which labels the playbook operates on, the category, and tags by selecting the property value you want from the drop-down list.|
|Delete||Delete the selected playbooks. A dialog box asks you to confirm your choice.|
|Export||Download the playbook as a .tgz extension archive. You can export only one playbook at a time.|
|Copy||Save the playbook to a repository that you have configured, such as Git. You can only copy one playbook at a time.|
Search within Splunk Phantom
Create Executive Summary reports and view all reports in Splunk Phantom
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7