Executing a Playbook

FortiSIEM allows you to execute existing FortiSOAR Playbooks on an event or incident.

• Executing a Playbook on an Event

• Executing a Playbook on an Incident

Executing Playbook on an Event

To execute a Playbook on an event, take the following steps.

1. From the ANALYTICS page, select an event.

2. Click Execute Playbook.

3. From the Execute Playbook window, take the following steps.

   1. From the Folders column, expand any Playbook folder to view its content.

   2. From the Items column, select the Playbook you wish to execute and click >. The Playbook will appear in the Selections column. You may also search for Playbooks by using the Items Search... field.
      

      If you wish to remove a Playbook from the Selections column, select the Playbook you wish to remove and click <.
      

   3. When ready to execute your Playbook, click Execute. The Playbook Execution Result window appears. This window provides a summary of result. Clicking Details will display additional information. Click on View Output to view any information related on a specific Playbook topic (Summary, Details, a specific attribute if applicable).

   4. When done, click Close.