A playbook codifies a security analyst's intelligence on how to analyze the imported data sets. A playbook incorporates the analyst's expertise in a logical process to take multiple inputs and apply data reduction and advanced correlation techniques to generate a single score or ranking as the output for each event. The playbook results in a decision for each event about whether it is acceptable or suspicious.

Playbooks and permissions

To view or work with playbooks, you must be in a group that has Playbook permission.

A playbook usually consists of multiple types of Devo SOAR entities, including the playbook itself, event types, connections, and so on. Your ability to include different entities in a playbook depends on whether you have access to those entities. A playbook that you have access to will execute even if you don't have access to all of its included entities.

Starting a playbook

A playbook can begin with an event type or other automation that ingests data. In the graphical playbook creation process, you create steps based on the actions you want to perform and can view the results of each step and the overall flow of the playbook. The playbook codifies the logic, and the playbook output is the ranking.
