Check overall execution status and execution results of playbooks.

After a security playbook executes, you can view the execution results and any pending actions on the Execution Results tab. Execution results are retained for 180 days.
For customers who have updated to the Foundation Services release, execution results might not be visible if there are no endpoints within the asset visibility scope of the user who executed the playbook.
The following table outlines the actions available on the Execution Results tab.
Filter executed playbook data
Use the Search field and drop-down lists to locate specific task data.
  • Type: The current status of the executed playbook
    There are six possible playbook execution statuses:
    • Pending approval (if applicable): Some playbook actions waiting for approval
    • In progress...: Playbook executing
    • Successful: All playbook actions executed successfully
    • Partially successful: Some playbook actions executed successfully
    • Unsuccessful: An error or time-out occurred, or a pending action was not approved within 24 hours of executing the playbook
    • Queued: Playbook queued
  • Created: The time when the playbook was created
  • Search: Provides partial matching for the Execution ID and Playbook fields
Approve or reject pending actions
Click the number under Actions required to approve or reject pending actions in the playbook.
Pending actions expire if not approved within 24 hours of executing a playbook.
View execution details of a user-defined playbook
Click the execution ID to open the Execution details screen, which provides detailed information about the playbook execution, including the status of each triggered action node.
Edit the playbook
Click the Edit playbook icon to edit the playbook.