Splunk® SOAR (On-premises)

Build Playbooks with the Playbook Editor

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

Require user input to continue running the playbook using the classic playbook editor

You can configure a task or prompt in your playbook that must be acknowledged by a user before further actions in the playbook are run. You can configure the following types of user input in a playbook:

  • A manual task using a Manual Task block that must be acknowledged by a user.
  • A prompt using a Prompt block that must be acknowledged by a user. You can configure a specific response type with a Prompt block.

Require user input using the Manual Task block in your playbook

Use a Manual Task block to send a message to a user or group that they must acknowledge. This is the same as manually running a task action from the Investigation menu.

To configure a manual task, perform the following tasks:

  1. Drop a new block onto the playbook editor.
  2. Click on the block, then select Manual Task from the block types.
  3. Select an Approver from the drop-down list. If the task is assigned to a group of users, the first user to process it completes the task.
  4. From the Required response time field, choose the response time in minutes.
  5. In the Message box, craft a meaningful message so the users receiving the message understand what actions they must take.

Require user input using the Prompt block in your playbook

Use a Prompt block in your playbook to send a message to a user or group that they must acknowledge.

To configure a prompt, perform the following tasks:

  1. Drop a new block onto the playbook editor.
  2. Click on the block, and then select Prompt from the block types.
  3. Select an Approver from the drop-down list. If the task is assigned to a group of users, the first user to process it completes the task.
  4. From the Required response time field, choose the response time in minutes.
  5. In the Message box, craft a meaningful message so the users receiving the message understand what actions they must take. Markdown is supported.
  6. From the Responses drop-down list, choose the type of response required to complete the task. If the response type is Message, markdown is supported.

See https://guides.github.com/features/mastering-markdown/ for more information on the type of Markdown that can be used in the Message box.

Last modified on 02 April, 2024
Customize the format of your playbook content using the classic playbook editor   Set container parameters in using the API block with the classic playbook editor

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.3.0

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters