After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
View the list of configured playbooks in
The Playbooks table contains all currently available playbooks and significant metadata about those playbooks. Use the playbooks list to sort, filter, and manage your playbooks.
To view the Playbooks table, select the main menu in , then select Playbooks.
From the Playbooks table page, you can perform any of the following tasks:
- Use the search field to find specific playbooks. Searches are case-insensitive and partial-word matches are supported. This search does not support booleans, such as AND, NOT, or OR.
- Search for playbooks that use a certain installed app. Select the Apps Used column heading, then either select from the list of installed apps shown or use the search box to enter the name of an installed app. The table displays only playbooks that match the specified apps.
- Select column headers to sort the playbooks. The first click sorts in ascending order. The second will sort in descending order. For example, select the Updated column header. The icon changes to indicate whether the column is sorted in descending or ascending order. so that the playbooks with the most recent changes are listed at the top.
- By default, 10 playbooks are displayed at a time. Select the Show 10 dropdown and select the number of playbooks you want displayed at a time.
- Select the Reorder Active Playbooks icon () to change the order in which active playbooks are listed.
If your Splunk SOAR and Splunk Enterprise Security instances are paired, reordering playbooks here does not affect the order of active playbooks run through automation rules.
See Reorder active playbooks in . - Select the Update from source control icon () to update playbooks based on the source you select and your source control settings.
- Select the Manage source control icon () to manage your source control settings. See Configure a source control repository for your playbooks.
- Select the Import Playbook icon () to add a playbook to . See Import a playbook to .
- Select the + Playbook button to create a new playbook. The Playbook Editor will open in a new tab or window.
The columns in the Playbook table are described in the following table. By default, all available columns are visible. Scroll to the right as needed to view all available columns. Select the vertical ellipsis icon to select which columns to display.
Column | Description |
---|---|
Name | The name and description of the playbook. |
Success | The number of times the playbook has run successfully. |
Failed | The number of times the playbook did not finish running. |
Label | The event label that the playbooks runs on. This value is configured as the Operates on field in the playbook settings. See Review playbook settings for a playbook in .
If your Splunk SOAR (Cloud) instance is paired with your Splunk Enterprise Security instance: the label is always |
Apps used | Which apps are included in the playbook. |
Assets used | Which assets are included in the playbook. |
Repo | The repository or folder where the playbook is saved. |
Category | The playbook category. This value is configured in the Category field in the playbook settings. See Review playbook settings for a playbook in . |
Status | Indicates whether or not the playbook is active:
Only active playbooks can be run. If your Splunk SOAR (Cloud) instance is paired with your Splunk Enterprise Security instance: You cannot mark Enterprise Security-type playbooks as Active. |
Mode |
Either Classic or Modern. A Classic playbook uses the older version of the two playbook editors available in , and a Modern playbook uses a newer version of the playbook editor in .
|
Type | The kind of playbook, specified when it was created. Standalone Splunk SOAR includes 2 playbook types:
|
Python Version | The Python version used in the playbook. |
Created | The date and time when the playbook was saved for the first time. |
Updated | The date and time when the playbook was most recently saved. |
Updated By | The name of the user who last updated the playbook. |
Version | The playbook version number. |
Tags | The tags associated with the playbook. |
Sub-Playbooks Called | The sub-playbooks that are called by this playbook. |
Create custom lists for use in playbook comparisons | Export and import playbooks in |
This documentation applies to the following versions of Splunk® SOAR (Cloud): current
Feedback submitted, thanks!