Work Plan - Administrator Guide - 6.8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.8
Creation date
2022-09-28
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

A Cortex XSOAR Work Plan is a visual representation of the running Playbook that is assigned to an incident. Monitor and manage a Playbook work flow.

The Work Plan is a visual representation of the running Playbook that is assigned to the incident. Playbooks enable you to automate many of your security processes, including, but not limited to handling your investigations and managing your tickets. Work Plans enable you to monitor and manage a Playbook work flow, and add new tasks to tailor the Playbook to a specific investigation.

When clicking the Follow checkbox you can see the Playbook executing in real-time.

In the Work Plan you can do the following:

  • View inputs and outputs of a playbook.

  • View, create, and edit a playbook task for each required step.

    When you create a task, add a name, automation, and description. The name and description should be meaningful so that the task corresponds to the data that you are collecting.

    For each task you can do the following:

    Designate tasks as complete either manually or by running a script.

    Assign an owner for a task.

    Set a due date for the task.

    Add comments and completed notes, as required.

  • Re-run the playbook, zoom in and out, and export to a PNG format.

The color coding and symbols in the Work Plan help you to easily troubleshoot errors or respond to manual steps. The following table displays the color codes and their meanings.

incident-color-coding.png