View alert playbooks tab

The Playbooks tab displays in the Cases page when there's a playbook attached to an alert. When you click a playbook in this tab, the playbook summary appears in a side drawer.

This shows the following information:

• Playbook name and status: The name of the playbook and its current run status.
• Pending Action: waiting for user input: The playbook is waiting for an analyst to take action. A push notification also informs the relevant user that the playbook is awaiting their input.
• Time and length of playbook run: Shows the start time and the total duration of the playbook run.
• Integrations: List of integrations used by this playbook. When you click an integration, it marks the specific step in the playbook viewer, allowing the analyst to focus on it.
• Playbook flow: Each step that was run with its status and step result.
• Errors: List of errors. An error that stops the playbook is highlighted at the top of the summary, while a skipped action appears at the bottom. You can also choose to rerun the action or playbook from this point.

You can also click any of the playbook steps to see information relating to that step only in the side drawer.

The following actions are available at the top of the Playbooks tab:

• autorenew Refresh: Updates the Playbooks tab to display the latest information.
• Jump to Case Wall: Takes you to the case wall directly from the Playbooks tab.
• add Add Playbook: Choose which playbook to add to the case.

Click replay Rerun Playbook to rerun playbooks attached to alerts. For more information, see Rerun playbooks.