Incident ResponderGet Started With Incident Responder

Table of Contents

Get to Know the Playbook Interface

Learn about the interface components you use to create and edit playbooks.

On the playbook interface, you create and edit playbooks.Create a PlaybookCreate a Playbook

This is a new playbook created using the phishing template. Let's explore this playbook:

The phishing playbook template highlighted with red rectangles and labeled with numbers.

1 Control how you view the interface. Zoom in, out, or reset the view to the default.

2 Save your playbook and return to the PLAYBOOKS page. You can save your playbook even if it's incomplete, but if it contains any errors, it will not run.

3 A playbook is made of nodes. You connect each node to one or more other nodes. Each node has two or more ports, inbound and outbound. To view a node's ports, hover over the node.

Every playbook has a start node and end node that defines its logical boundaries—where the playbook starts and ends. You cannot change these two nodes.The start node has one outbound port; the end node has one inbound port.

To build the logic of your playbook, add nodes, and configure action, decision, and filter nodes.Add an Action NodeAdd a Decision NodeAdd a Filter NodeAdd a NodeAdd a Node

If a node is outlined in red, it needs your attention. When you create a playbook using a template, all the nodes are initially outlined in red. You must click on the node and change how it's configured, or the playbook will not run.