Splunk® SOAR (Cloud)

Python Playbook Tutorial for Splunk SOAR (Cloud)

The classic playbook editor will be deprecated soon. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

Develop, test, and deploy playbooks in

Playbooks can encode a very simple and repetitive set of simple actions OR can encode a very complex strategy to actively deal with a security breach or an incident. These strategies may be comprised of many actions combined to be executed either serially or in parallel.

Actions can be executed independent of each other (and hence in parallel) if they are called one after the other in a Playbook. However in order to execute them in sequence, either because there is a genuine dependency between two actions (parameters to action #2 are the output of action #1), action #1 has to specify a callback and in the callback of action #1, action #2 can be called.

In order to build these Playbooks and confidently deploy them, the platform supports the ability to debug them so that the author can see what the playbook is doing. Once the author is confident of the results and the Playbook is executing actions as expected, the Playbook can be saved. If the intention is to let the Playbook be executed in real time as new containers or artifacts are coming in, the Playbook has to be enabled.

Last modified on 29 May, 2024
Tutorial: Chain a series of actions in  

This documentation applies to the following versions of Splunk® SOAR (Cloud): current, current

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters