USM Anywhere enables you to create and manage playbooks, which let you predetermine the set of steps to take to remediate alarms generated by either a correlation rule or a custom orchestration rule.
Playbooks Page Overview
You can view your USM Anywhere playbooks via the History and My Playbooks tabs, and the Playbooks in Progress dashboard. To view playbooks, go to Settings > Playbooks. The page displays your playbooks on the following two tabs:
- History: This tab shows a history of all of the playbooks that have been run in your environment. This view also lists the status and owner of each playbook that has been run.
- My Playbooks: This tab displays all of the playbooks that have been created in your instance, and includes the Create Playbook button, which allows you to create new playbooks.
The History tab shows a historical view of the playbooks that have been run in your instance, along with related information such as the current status and owner of each playbook.
You can use the panel on the left to search for a specific playbook or to filter the playbooks displayed on this tab by criteria you choose.
The following table lists the criteria available for use in filtering playbooks.
The three status buttons allow you to search for playbooks by their current status.
|Strategy||Status notification of the rule. Each rule is classified by its severity. Values are (in increasing severity): info, warning, and error.|
The My Playbooks tab shows the complete list of all playbooks that have been created in your instance, and allows you to create new playbooks with the Create Playbook button. You can enable or disable a playbook from this page by using the toggle next to any playbook.
Note: For complete instructions to guide you through creating a new playbook, see Creating a Playbook.
The following table lists the columns you see on the page.
|Name||Name of the playbook.|
|Description||Description of the playbook.|
|Apps Used||AlienApps associated with actions in the playbook.|
|Enabled||Toggle button to enable or disable the playbook.|
|Icons to edit or delete the playbook.|
In addition, USM Anywhere provides some visibility into your existing playbooks from the My Playbooks tab. Click the plus icon to the left of any playbook in the list to view its details.
You can see the following details:
- Created On: The timestamp from when this playbook was created
- Configured By: The user who created this playbook
- Apps Used: All apps referenced by actions in this playbook
- Updated On: The timestamp from when this playbook was last updated
- Last Run: The timestamp from when this playbook was last executed
- Updated By: The user who last updated this playbook
- Configured On: The timestamp from when this playbook was configured
- Events (Past 24 Hours): The number of events related to this playbook from the past 24 hours
- Actions: A sequential list of each action included in the playbook
If you have begun any playbooks, USM Anywhere displays them in the Playbooks In Progress dashboard.
The following table lists the columns you see in the dashboard.
|Playbook Name||Name of the playbook|
|Alarm Name||Name of the alarm this playbook is currently being run against|
|Strategy||The strategy type associated with this playbook|
|Last Action||The most recent action taken in this playbook|
|Owner||The owner of record for this playbook|