View the list of configured playbooks in
The playbooks list contains all of your currently available playbooks and significant metadata about those playbooks. Use the playbooks list to sort, filter, and manage your playbooks.
To view the playbooks list, complete the following steps:
- From the Home menu, select Playbooks. All playbooks display.
- Select the Internal repositories tab to view playbooks that are specific to your organization.
- (Optional) Use the search field to find specific playbooks. Searches are case-insensitive and partial-word matches are supported. This search does not support booleans, such as AND, NOT, or OR. For additional information on finding existing playbooks, see Find existing playbooks in Build Playbooks with the Playbook Editor.
You can select the vertical ellipsis (⋮) icon to switch between displays of available columns in the playbook list. Items marked with a check mark (✓) appear in the playbook list. A horizontal scroll bar appears at the bottom of the playbook list as well.
From the playbooks list, you can complete the following tasks:
- Reorder playbooks
- Configure source control
- Import playbooks
- Manage playbooks with the Visual Playbook Editor
You can set the playbook run order for playbooks with an Active status. Playbooks with an Inactive status do not run. By changing a playbook's status to Inactive, you cancel the running playbook. The next playbook in the list starts after the preceding playbook's
on_start() function is complete.
If you want one playbook to start only if another playbook finishes running completely, use the
phantom.playbook() function instead of the playbook list. See playbook in the Python Playbook API Reference for .
Configure source control
To update a playbook from source control, complete the following steps:
- Select a repository from the drop-down list in the Source to update from field.
- Select either Force Update or Preserve State
- Force Update treats the remote repository as authoritative. Using this overwrites any local changes to playbooks.
- Preserve State retains the local metadata for changes to playbooks. Playbooks from the community repository always have a status of Inactive. If you have set the status of a community playbook to Active locally, updating from the community repository will set its status to Inactive unless you select Preserve State.
- Click Update.
You can also manage the source control settings by selecting the manage source control icon (). See Configure a source code repository for your playbooks in Administer .
To import a playbook that was exported from another instance of , complete the following steps:
- Select the import icon ().
- In the Source to update field, select a repository where you want to write the imported playbook.
- (Optional) Click Force Update to overwrite existing versions of the same playbook.
- Drag and drop a compressed playbook in
.tgzformat, or click and navigate to the playbook.
- Click Upload.
Manage playbooks with the Visual Playbook Editor
You can manage your playbooks by opening the Visual Playbook Editor.
Create new playbooks
Select the add playbook icon () to open the Visual Playbook Editor and create a new playbook. See Create a new playbook in in Build Playbooks with the Playbook Editor.
Edit, delete, export, or copy a playbook
Select the name of a playbook to open it in the Visual Playbook Editor. For more information, see Create a new playbook in using the visual playbook editor in Build Playbooks with the Playbook Editor.
Select the check box next to the playbook name to select one or more playbooks. After you select playbooks, you can complete the following actions:
|Set the properties of the selected playbooks, not the playbooks themselves. Set the status, logging mode, safe mode, labels, category, and tags by selecting the property value you want from the drop-down list.
|Delete the selected playbooks. A dialog box asks you to confirm your choice.
|Download the playbook as a .tgz extension archive. You can export only one playbook at a time.
|Save the playbook to a repository that you have configured, such as Git. You can only copy one playbook at a time.
Create Executive Summary reports and view all reports in
This documentation applies to the following versions of Splunk® SOAR (Cloud): current