Playbooks: Run Profiles
  • 17 Nov 2023
  • 5 Minutes to read
  • Dark
    Light

Playbooks: Run Profiles

  • Dark
    Light

Article Summary

Overview

Run Profiles represent the data type or event needed to execute a Playbook in ThreatConnect® without needing to navigate away from the Playbook Designer. For example, you can create a Run Profile that represents an HTTP request that will execute when a WebHook Trigger is called, and then you can execute the Playbook using the Run Profile.

Note
Run Profiles are available to use with any Playbook in an Organization, not just the Playbook in which they were created.

Before You Start

Minimum Role(s)
  • Organization role of Read Only User (for viewing Run Profiles and Playbooks)
  • Organization role of Standard User (for creating, modifying, and deleting Run Profiles and activating and de-activating Playbooks)
PrerequisitesPlaybooks enabled by a System Administrator

Viewing and Managing Run Profiles

Viewing Run Profiles

  1. On the top navigation bar, click Playbooks to display the Playbooks screen.
  2. Open an existing Playbook or create a new one and configure it.
  3. ClickPlaybook Designer Run Profiles iconRun Profiles on the side navigation bar of the Playbook Designer to display the Run Profiles pane (Figure 1). Graphical user interface  Description automatically generated

     

  4. Run Profiles that have been created for the Trigger type used in the Playbook will be displayed in the Run Profiles pane (Figure 2). To view all Run Profiles available in an Organization, toggle the Show All slider on while the Playbook is in Design Mode or Interactive ModeTable  Description automatically generated

     

Note
All Run Profiles are available to all users within an Organization, regardless of who created them.

Editing Run Profiles

  1. Click EditPencil icon_Blackin the Options column for the Run Profile (Figure 2). The Create Profile screen will be displayed in the Run Profiles pane (Figure 3). Graphical user interface, application, Teams  Description automatically generated

     

    Note
    The Run Profile's Type cannot be changed.
  2. Click the NEXT button to edit the configuration options. The options vary by Trigger type. See the “Creating Run Profiles" section for further guidance.

Deleting Run Profiles

Click DeleteIcon  Description automatically generatedin the Options column for the Run Profile (Figure 2). The Delete Run Profile? window will be displayed. Click the DELETE button.

Creating Run Profiles

Run Profiles are created to represent a specific Indicator or Group in an owner needed to execute the corresponding Indicator or Group Trigger or a specific event needed to execute a Mailbox, Timer, or WebHook Trigger. In addition to creating Run Profiles as described in this section, you can create a Run Profile for a logged Playbook execution from the Execution Details pane while viewing the results of the execution.

  1. Click + Create Run Profile at the upper-left corner of the Run Profiles pane (Figure 2). The Create Profile section will be displayed (Figure 4). Graphical user interface, application  Description automatically generated

     

  2. The configuration options for Run Profiles vary by the Trigger type selected in the Type field. See the next set of subsections for guidance on each Trigger type.

Indicator or Group Trigger

  1. Create a new Run Profile as described in the “Creating Run Profiles" section and select an Indicator or Group type as the Type. An Owner dropdown will be displayed (Figure 5). Graphical user interface, text, application, email  Description automatically generated

     

    • Owner: Select the owner that contains the Indicator or Group that will act as the trigger for the Run Profile.
  2. Click the NEXT button.
  3. The Configure section will be displayed, showing a text field corresponding to the Indicator or Group type that was selected in the previous step (Figure 6). Graphical user interface, application  Description automatically generated

     

  4. Enter the Summary for the Indicator or Group that will be used to execute the Playbook into the text field. As you type the Summary, a list of results matching the text entered will be displayed (Figure 7). Graphical user interface, application  Description automatically generated

     

  5. Select an object from the list of results. Information about the object, including its OWNER, TYPE, LAST MODIFIED date, and NAME, will be displayed (Figure 8). Click theView full details in new tab iconicon to view the object’s Details screenGraphical user interface, text, application  Description automatically generated

     

  6. Click the SAVE button.
    Note
    If a Run Profile is not displayed in the Run Profiles pane after you create it, ensure that the Playbook uses a Trigger type that matches the Run Profile’s Type. Alternatively, toggle the Show All switch on to display all Run Profiles in your Organization.

Mailbox Trigger

Create a new Run Profile as described in the “Creating Run Profiles" section, select Mailbox as the Type, and click the NEXT button. The Configure section will be displayed (Figure 9).

Graphical user interface, application  Description automatically generated

 

  • trg.mbox.header (KeyValueArray): Enter the mailbox header in a key/value format.
  • trg.mbox.header (String): Enter the mailbox header in string format.
  • trg.mbox.to (String): Enter the mailbox recipient.
  • trg.mbox.from (String): Enter the mailbox sender.
  • trg.mbox.subject (String): Enter the email’s subject line.
  • trg.mbox.body (String): Enter the body of the email in plain text format.
  • trg.mbox.htmlbody (String): Enter the body of the email in HTML format.
  • trg.mbox.attachment (Binary): Upload an email file attachment.
  • trg.mbox.fulltext (String): Enter the full text contents of the email.
  • trg.mbox.filename (String): Enter a single filename for the email.
  • trg.mbox.filename (StringArray): Enter a StringArray of filenames representing email file attachments.
  • Click the SAVE button.
Note
You can also configure each option by toggling the Upload slider on and then uploading a JSON file.

Timer Trigger

Create a new Run Profile as described in the “Creating Run Profiles” section, select Timer as the Type, and click the NEXT button. The Configure section will be displayed (Figure 10).

Graphical user interface, text, application, email  Description automatically generated

 

  • trg.timer.timestamp (String): Enter the timestamp in ISO 8601 format. Alternatively, toggle the Upload slider on to upload a JSON file containing the timestamp.
  • Click the SAVE button.

WebHook Trigger

Create a new Run Profile as described in the “Creating Run Profiles" section, select WebHook as the Type, and click the NEXT button. The Configure section will be displayed (Figure 11).

Graphical user interface, application  Description automatically generated

 

  • Method (String): Enter the HTTP method that will be used when the WebHook Trigger is called. Acceptable values include GET, PUT, POST, DELETE, OPTIONS, and HEAD.
  • Query Param (KeyValueArray): Enter a key/value pair of query parameters that will be sent to the HTTP request when the WebHook Trigger is called. Alternatively, toggle the Upload slider on to upload a JSON string with an array of key/value pairs.
  • Header (KeyValueArray): Enter a key/value pair of header parameters that will be sent to the HTTP request when the WebHook Trigger is called. Alternatively, toggle the Upload slider on to upload a JSON string with an array of key/value pairs.
  • Body (String): Enter string content used during POST and PUT calls to the WebHook Trigger. Alternatively, toggle the Upload slider on to upload a JSON file containing the string content.
  • Body (Binary): Upload binary content used during POST and PUT calls to the WebHook Trigger.
  • Click the SAVE button.

Executing a Playbook Using a Run Profile

To execute an active Playbook using a Run Profile, open the Playbook in the Playbook Designer and click the Run PlaybookLogo  Description automatically generated with low confidenceicon displayed on the Playbook’s Trigger (Figure 12). A list of available Run Profiles matching the Trigger type will be displayed. If no available Run Profiles match the Trigger type, click Create Profile to create a new Run Profile. See the “Creating Run Profiles" section for more information.

Diagram  Description automatically generated

 

For more information about Playbook executions, see Playbooks Executions.


ThreatConnect® is a registered trademark of ThreatConnect, Inc.

20113-01 v.01.D


Was this article helpful?