The Playbooks tab displays in the Cases page when there's a
playbook attached to an alert. When you click a playbook in this tab, the
playbook summary appears in a side drawer.
This shows the following information:
Playbook name and status: The name of the playbook and its
current run status.
Pending Action: waiting for user input: The playbook is waiting
for an analyst to take action. A push notification also informs the relevant
user that the playbook is awaiting their input.
Time and length of playbook run: Shows the start time and the
total duration of the playbook run.
Integrations: List of integrations used by this playbook.
When you click an integration, it marks the specific step in the
playbook viewer, allowing the analyst to focus on it.
Playbook flow: Each step that was run with its status and step
result.
Errors: List of errors. An error that stops the playbook is highlighted at the top of the summary, while a skipped action appears at the bottom. You can also choose to rerun the action or playbook from this point.
You can also click any of the playbook steps to see information relating to
that step only in the side drawer.
The following actions are available at the top of the Playbooks tab:
autorenew
Refresh: Updates the Playbooks tab to display the latest information.
Jump to Case Wall: Takes you to the case
wall directly from the Playbooks tab.
addAdd Playbook: Choose which playbook to add to the case.
Click
replay
Rerun Playbook to rerun playbooks attached to alerts. For more information,
see Rerun playbooks.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-24 UTC."],[[["\u003cp\u003eThe \u003cstrong\u003ePlaybooks\u003c/strong\u003e tab in the \u003cstrong\u003eCases\u003c/strong\u003e page displays playbooks attached to alerts, providing a summary of each playbook when clicked.\u003c/p\u003e\n"],["\u003cp\u003ePlaybook summaries include the playbook name, status, pending actions, run time, integrations used, flow, and any errors encountered.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003cstrong\u003ePlaybooks\u003c/strong\u003e tab features actions like \u003cstrong\u003eRefresh\u003c/strong\u003e, \u003cstrong\u003eJump to Case Wall\u003c/strong\u003e, and \u003cstrong\u003eAdd Playbook\u003c/strong\u003e, for managing and viewing playbooks.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003cstrong\u003eRerun Playbook\u003c/strong\u003e option allows users to rerun playbooks attached to alerts, with detailed information on each step accessible.\u003c/p\u003e\n"]]],[],null,[]]
Jump to Case Wall: Takes you to the case
wall directly from the Playbooks tab.