A collection of paradigms and constructs for building Playbooks in ThreatConnect.
This is a living document and should not, by any means, be considered canon. Many of the tips and gotchas captured here may be out of date as improvements are made to Playbooks. They are simply tips and hints to help you build more robust, effective, and maintainable Playbooks. The document is also available as a gitbook: https://pb-constructs.hightower.space/playbooks/.
Feel free to contact me with any questions, comments, or ideas.
Enjoy,
Floyd Hightower
- Playbooks 101
- Paradigms
- Constructs
  - Array Iteration
  - Collecting and Processing Data in Playbooks
  - CSV Parser
  - HTTP Trigger Response Codes
  - How to Check if a String is Empty
  - Human-in-the-Loop Workflows
  - If-Merge: Merging Conditional Paths
  - JSON Path Filtering
  - JSON-to-Join: Converting String Array to String
  - Making a Playbook Fail
  - Making HTTP Requests and Visually Selecting JSON Paths
  - Merge Operator
  - Repeat Until Successful
  - Retrieving the Value of a Custom Metric
  - Sorting Datastore Content
  - Trigger Passback
  - Using Breakpoints to Debug Playbooks
  - Variable Initialization
- Introductions
- Helpful Tips and Tricks
- Gotchas