Playbook Template Editor

Use the Playbook Template Editor to create custom Playbook templates to leverage in Secureworks® Taegis™ Automations.

Custom Playbook Template

Create a Custom Playbook Template ⫘

1. From the Secureworks® Taegis™ XDR side menu bar, select Automations→Playbooks.
2. The Playbooks Panel displays, showing any configured playbooks you have. Select the Templates tab.
3. The Templates Library displays. From the Actions pull down button on the right-hand side, select Create.
4. The Template Editor displays.
5. At the top of the Template Editor, enter a name for the template and an optional description to communicate to tenant users what the purpose of the playbook is.
   
   There are four sections in playbook template creation: DSL, Inputs & Outputs, Connectors, and Documentation. These don't necessarily need to be completed in a specific order, and throughout template creation, you may find it best to move between each, completing portions as you go. For an example of building a template, see Building Your First Playbook.

DSL ⫘

The DSL (domain-specific language) section is where you define the playbook tasks that run sequentially when the playbook is executed. Refer to Working with Playbook Tasks to define your playbook using CEL expressions.

Replace the square brackets with a hyphenated list of tasks the playbook will run when executed, defining each as required.

A playbook must call a connector created by Secureworks or a Custom Connector and one or more of its functions when it runs through its tasks to provide value.

To incorporate a connector function into the template tasks, use the task type of action to call a function of the connector and open a Connector's Details from the Connector Library in a new tab for reference.

To enter a call to a connecter, use the following format for the task:

- name: <task name>
  action: <connector name from export>.<function name from export>
  inputs:
    <inputs as required by connector>

Validate ⫘

From the DSL tab, select Validate to validate the syntax of your entry, using any error messages you receive to make corrections.

Inputs & Outputs ⫘

The Inputs & Outputs section is where you define the JSON schema in YAML format of what the template requires for inputs and what outputs it will produce. Playbooks created using this template will require the inputs and produce the outputs that you enter here.

Note that you are not setting any logic or adding values here, apart from defaults.

Replace the stubbed bracketed entries with your desired inputs and outputs, defining their properties using the Playbook Definition Language.

Provide a title in the properties of an input that will display for that field in the UI. If desired, include a default in the properties that will populate the template when used.

Connectors ⫘

The Connectors section is where you list the connector IDs for the connectors that are required by the playbook to run. These can be connectors created by Secureworks or Custom Connectors.

To find a connector ID, open a Connector's Details from the Connector Library, and select Copy Connector ID.

Enter one or more connector IDs in a hyphenated list like the following:

connectors:
  - id: <connector id>
  - id: <connector id>

Documentation ⫘

The Documentation panel gives you a markdown writing editor where you can fully describe your template. Include a summary of what the template is for, and define and describe any parameters that a user needs to fill in to use the template. Standard markdown syntax is supported. For more information, see Markdown Guide: Basic Syntax.

When you have completed the documentation, you can either save it as a draft, or publish it.

• To publish it, select Publish. This versions your template and makes it available for use in Automations.
• To save the draft, select Save As, and choose Save as Current Draft or Save as New Draft. You can pull the draft up at any time from the Template tab of Playbooks.