I am forming a playbook that will allow me to select the available keys for AQL requests and then select them all and parse them with the "QRadar SIEM: QRadar Search" function. The output is one playbook that will flexibly select the necessary parameters from the offense event and create a TABLE with all offense event data.
1st step - gather all available AQL query keys for the specified event
2nd step - select and parse all data from the event with the help of the keys from the 1st step
3rd step - create, if not available, a table for the specified incident name and fill all rows with data from the 2nd step
Because currently I have to create new playbooks by hand for each system and each rule.
Is it possible? If YES, please provide examples for the 1st step; if NOT - why not? :(
------------------------------
Bogdan Prokopchenko
------------------------------
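An added offline sketch of the three steps asked about above (not code from the original post or from IBM's QRadar/SOAR integration): step 1 takes the result of a `SELECT *` probe search and collects every field name the events carry, step 2 turns those keys into a selective AQL query, and step 3 normalises the events into rows for an incident table. The sample events, the offense id 42 and the `incident_tables` dict standing in for a SOAR incident's data tables are constructed assumptions.

```python
from typing import Any, Dict, List

# Constructed sample: what a "QRadar SIEM: QRadar Search" probe such as
# `SELECT * FROM events WHERE INOFFENSE(42) LIMIT 2` might hand back.
# The second event lacks the custom property, which is the edge case the
# table step must tolerate.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"starttime": 1700000000000, "sourceip": "10.0.0.5",
     "destinationip": "10.0.0.9", "eventname": "Login Failure",
     "Custom Username": "alice"},
    {"starttime": 1700000001000, "sourceip": "10.0.0.5",
     "destinationip": None, "eventname": "Login Failure"},
]


def collect_keys(events: List[Dict[str, Any]]) -> List[str]:
    """Step 1: union of every field name seen across the probe results, sorted."""
    keys = set()
    for ev in events:
        keys.update(ev.keys())
    return sorted(keys)


def build_aql(keys: List[str], offense_id: int) -> str:
    """Step 2 (query side): selective AQL built from the discovered keys.
    Field names are double-quoted so custom properties with spaces stay valid;
    embedded double quotes are doubled as AQL expects."""
    cols = ", ".join('"{}"'.format(k.replace('"', '""')) for k in keys)
    return "SELECT {} FROM events WHERE INOFFENSE({})".format(cols, offense_id)


def build_rows(events: List[Dict[str, Any]], keys: List[str]) -> List[Dict[str, str]]:
    """Step 2 (parse side): give every event the same column set so each row
    fits the table; missing or NULL values become an empty string."""
    return [{k: "" if ev.get(k) is None else str(ev.get(k)) for k in keys}
            for ev in events]


def fill_table(incident_tables: Dict[str, List[Dict[str, str]]],
               incident_name: str, rows: List[Dict[str, str]]) -> int:
    """Step 3: create the incident's table if it does not exist yet, append the
    rows, and return the row count. `incident_tables` is an assumed stand-in
    for the SOAR data-table object a playbook script would write to."""
    table = incident_tables.setdefault(incident_name, [])
    table.extend(rows)
    return len(table)
```

In a real playbook the probe and the selective query are two calls to the same search function; the dict here only shows the shape of the data between them.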