How to start writing Playbooks for Devo SOAR

Your day is filled with workflows, procedures and repetitive steps.  Maybe you just started the Devo SOAR Trial or are about to and want to know just how to get started with Playbooks.  This article will show you a few playbooks in natural language and share some tips on how to convert your workflows into playbooks and be ready to create them in Devo SOAR.

Writing Playbooks in Natural Language

Writing down your process is something you are probably already doing.  With these examples and tips you can adapt those workflows to make the transition much easier to using Devo SOAR.

Creating a Playbook in natural language is as easy as creating a bullet list. These examples will help illustrate.

Simple Playbook Example

What is the Goal?

We want to monitor our email security solution.  If it fails, block inbound and outbound emails until problem is resolved. 

Write it out in steps

1. Prepare an email to send.
2. Send the email.
3. Check integration output for errors.
4. Parse the email integration results.
5. Grab successful sends.
6. Add to a tracking custom list.

[You thought this was going to be harder didn’t you?]

That’s it!  Here is what that looks like in Devo SOAR.

Lets expand on this task with a new playbook.

Expand the Scope

We are going to check the emails we are receiving to ensure the system is working add branching conditions and take some actions.

Write out the steps

1. Check inbox set up in first playbook for new emails.
2. Each email is loaded and compared with what is on the email tracking list.
3. Check for 1 of 3 scenarios.
   • Email from tracking list arrived as expected within the time threshold of 5 minutes.
   • Email from tracking list has not arrived and the threshold has passed.
   • Email from tracking list has shown up, but it’s beyond the threshold of 5 minutes.
4. If any emails are found that need to be escalated, they are checked against a second custom list which is tracking escalations. This list insures that a maximum of 1 escalation is sent per hour.
5. At this point if we need to escalate and we have not already escalated within the past hour then a new escalation is prepped.
6. Update tracking email list, emails received or emails that are escalated are removed from tracking.
7. If there is an escalation the escalation tracking list is updated.

And here is what this looks like in Devo SOAR:
 

For every key action in your workflow you will find a corresponding module in Devo SOAR, So there is no need to adapt or rethink your workflow, just make sure you don’t forget any steps!

Try it for yourself!

Can’t wait to get started?  Good news for you, the team has made available the Trial of Devo SOAR for free!   What are you waiting for?