IBM Security SOAR

Expand all | Collapse all

Resource for the new Playbook feature

  • 1.  Resource for the new Playbook feature

    Posted Tue June 08, 2021 04:27 AM
    I see now V41 introduce Playbook for designing incident response.
    However, I did not find much information regarding comparison between playbook and traditional Rule/WorkFlow/Functions
    Is there a whitepaer somewhere or a webex that gives some overview on:
    - What is the major improvement?
    -Best practice to migrate exsiting configuration to playbook
    - Comparison between playbook and old way of design.

    Qing Lan

  • 2.  RE: Resource for the new Playbook feature

    Posted Mon June 14, 2021 09:25 AM
    I'm not sure if there is a whitepaper.

    A Playbook is effectively a Rule+Workflow.
    A Playbook doesn't have the same Add Task/Remove Task capabilities that a Rule has. For example, tasks added by a rule are removed when the Rule conditions no longer apply. Playbooks don't have that.
    Playbooks don't yet have all the features that Workflows have: manually activation, timers, condition flows, advanced conditions for Playbook activiation. These things are actively being worked on.


    Ben Lurie