View the details of a playbook execution.
In the Execution Results tab of Security Playbooks,
clicking an execution ID provides details about the playbook execution and a visual
representation of the playbook configuration.
The Execution Details section consists of the Workbench alert that
triggered the playbook, the current status of the execution, the time and date when
the
execution was last updated, and a summary of the triggered action nodes.
There are six possible action node statuses:
-
Pending approval (
): Actions require approval to be performed
Note
Pending actions expire if not approved within 24 hours of executing a playbook. -
In progress... (
): Actions executing -
Successful (
): Actions executed successfully -
Partially successful (
): Some actions executed successfully -
Unsuccessful (
): An error occurred executing actions or pending approvals were not handled within
24
hours of executing the playbook -
Queued (
): Actions queued
The Action section provides a hierarchical list of the action nodes that
were triggered and their current status. The following table outlines the actions
available
within the section.
|
Action
|
Description
|
||
|
Focus on a node
|
Click an action node in the list to focus the playbook visualization on the
selected node.
|
||
|
Refresh the list
|
Click the Refresh list icon (
 ) to update the status of all listed action
nodes. |
||
|
Examine an action node
|
Click Check details to open the Action Details screen,
which tallies and lists the status for each target of the selected node.
|
||
|
Download a CSV file
|
Click Download file to download a CSV detailing the results
of the playbook execution up to the selected node.
|