Playbooks
Managing playbooks in the web dashboard.
Playbook List
Access at /playbooks
Views
- Active: Currently enabled playbooks
- Inactive: Disabled playbooks
- All: Complete list
Information Displayed
- Name and description
- Trigger conditions
- Last run time
- Success rate
Creating Playbooks
Click "New Playbook" button.
Basic Information
- Name: Unique identifier
- Description: What this playbook does
- Version: Semantic version
Triggers
Configure when playbook runs:
- Incident Type: Phishing, malware, etc.
- Auto Run: Run automatically on new incidents
- Conditions: Additional criteria
Variables
Define playbook variables:
quarantine_threshold: 0.7
notification_channel: "#security"
Step Editor
Visual editor for playbook steps.
Adding Steps
- Click "Add Step"
- Select action type
- Configure parameters
- Set output variable name
Step Types
- Action: Execute an action
- Condition: Branch logic
- AI Analysis: Get AI verdict
- Parallel: Run steps concurrently
Connections
- Drag to reorder steps
- Connect condition branches
- Set dependencies
Testing Playbooks
Dry Run
- Click "Test"
- Select or create test incident
- Toggle "Dry Run"
- View step-by-step execution
With Live Data
- Click "Test"
- Select real incident
- Leave "Dry Run" off
- Actions will execute (with approval)
Execution History
View past executions:
- Execution timestamp
- Incident processed
- Steps completed
- Final verdict
- Duration
Click execution for detailed trace.
Import/Export
Export
- Select playbook
- Click "Export"
- Download YAML file
Import
- Click "Import"
- Upload YAML file
- Review parsed playbook
- Click "Create"
Playbook Versions
Playbooks are versioned:
- Edit playbook
- Bump version number
- Save as new version
- Old version kept for rollback
View version history and compare changes.