About playbook automation APIs
The playbook automation API allows security operations teams to develop detailed automation strategies. Playbooks serve many purposes, ranging from automating small investigative tasks that can speed up analysis to large-scale responses to a security breach. The playbook automation APIs are supported to leverage the capabilities of the platform.
The playbook automation APIs operates using containers, artifacts, datapaths, apps, and assets. To learn more about containers, artifacts, datapaths, apps, and assets, see the following sections:
- Containers are the top-level data structure the playbook automation APIs operate on. A container is a composite object that consists of one or more artifacts that can be automated against. To learn more about containers and artifacts, see Understanding containers and Understanding artifacts.
- To learn more about the datapaths used by the playbook automation APIs, see Understanding datapaths.
- Apps are included and shipped with and provide actions that are used by the playbooks. Assets are instances of apps configured by a admin. To learn more about apps and assets, see Understanding apps and assets.
The automation APIs are made up of the following groups: the playbook automation API, the container automation API, the data management automation API, the data access automation API, the session automation API, the vault automation API, and the network automation API. For more information about the automation APIs, see Automation API.
For more information about how to leverage the platform to perform automation, see the documentation.
|You want to do this||Documentation|
|Create, update, and selectively remove objects from the system.||See REST API Reference for .|
|Create a playbook to automate your workflows.||See Build Playbooks with the Playbook Editor.|
|Examples of using some of the key automation API functions.||See the Python Playbook Tutorial for manual.|
This documentation applies to the following versions of Splunk® SOAR (Cloud): current